CVE-2020-29448
Summary
| CVE | CVE-2020-29448 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-02-22 21:15:00 UTC |
| Updated | 2022-07-27 14:03:00 UTC |
| Description | The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Atlassian | Confluence | All | All | All | All |
| Application | Atlassian | Confluence Data Center | All | All | All | All |
| Application | Atlassian | Confluence Server | All | All | All | All |
| Application | Atlassian | Data Center | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [CONFSERVER-60469] Pre-Authorization Limited Arbitrary File Read in Confluence Server - CVE-2020-29448 | MISC | jira.atlassian.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.