{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T00:11:49.973","vulnerabilities":[{"cve":{"id":"CVE-2019-3396","sourceIdentifier":"security@atlassian.com","published":"2019-03-25T19:29:01.647","lastModified":"2025-10-24T13:39:21.743","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection."},{"lang":"es","value":"La macro de Widget Connector en Atlassian Confluence and Data Center en versiones anteriores a la 6.6.12 (la versión solucionada para 6.6.x), desde la versión 6.7.0 hasta antes de la 6.12.3 (la versión solucionada para 6.12.x), desde la versión 6.13.0 hasta antes de la 6.13.3 (la versión solucionada para 6.13.x) y desde la versión 6.14.0 hasta antes de la 6.14.2 (la versión solucionada para 6.14.x) permite a los atacantes remotos lograr saltos de directorio y ejecución remota de código en una instancia de Confluence Server or Data Center a través de una inyección de plantillas del lado del servidor."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"cisaExploitAdd":"2021-11-03","cisaActionDue":"2022-05-03","cisaRequiredAction":"Apply updates per vendor instructions.","cisaVulnerabilityName":"Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability","weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.12","matchCriteriaId":"EE0A6BCA-F10E-4CFD-B740-AEAC08A6A5A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7.0","versionEndExcluding":"6.12.3","matchCriteriaId":"2253D975-8194-437C-958A-55ECF152E0AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13.0","versionEndExcluding":"6.13.3","matchCriteriaId":"675FE700-8FDB-44DD-9C8E-82DE7CB8BE1C"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14.0","versionEndExcluding":"6.14.2","matchCriteriaId":"68B7D049-4672-4914-A6BC-A311FC617128"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.html","source":"security@atlassian.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/161065/Atlassian-Confluence-6.12.1-Template-Injection.html","source":"security@atlassian.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.rapid7.com/db/modules/exploit/multi/http/confluence_widget_connector","source":"security@atlassian.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://jira.atlassian.com/browse/CONFSERVER-57974","source":"security@atlassian.com","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/46731/","source":"security@atlassian.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/161065/Atlassian-Confluence-6.12.1-Template-Injection.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.rapid7.com/db/modules/exploit/multi/http/confluence_widget_connector","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://jira.atlassian.com/browse/CONFSERVER-57974","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/46731/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3396","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}