CVE-2020-29448 - OpenCVE

The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Atlassian	Confluence Data Center Confluence Server

Configuration 1 [-]

OR	cpe:2.3:a:atlassian:confluence_data_center::::::::
	cpe:2.3:a:atlassian:confluence_data_center::::::::
	cpe:2.3:a:atlassian:confluence_data_center::::::::
	cpe:2.3:a:atlassian:confluence_server::::::::
	cpe:2.3:a:atlassian:confluence_server::::::::
	cpe:2.3:a:atlassian:confluence_server::::::::

No data.

References

Link	Providers
https://jira.atlassian.com/browse/CONFSERVER-60469

History

No history.

MITRE

Status: PUBLISHED

Assigner: atlassian

Published: 2021-02-18T15:08:59.028136Z

Updated: 2024-09-17T02:31:11.206Z

Reserved: 2020-12-01T00:00:00

Link: CVE-2020-29448

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-02-22T21:15:19.460

Modified: 2022-07-27T14:03:52.773

Link: CVE-2020-29448

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Confluence Server", "vendor": "Atlassian", "versions": [{"lessThan": "6.13.18", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "6.14.0", "versionType": "custom"}, {"lessThan": "7.4.6", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.5.0", "versionType": "custom"}, {"lessThan": "7.8.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Confluence Data Center", "vendor": "Atlassian", "versions": [{"lessThan": "6.13.18", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "6.14.0", "versionType": "custom"}, {"lessThan": "7.4.6", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.5.0", "versionType": "custom"}, {"lessThan": "7.8.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2020-11-10T00:00:00", "descriptions": [{"lang": "en", "value": "The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check."}], "problemTypes": [{"descriptions": [{"description": "Arbitrary File Read", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-18T15:08:59", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://jira.atlassian.com/browse/CONFSERVER-60469"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2020-11-10T12:03:00", "ID": "CVE-2020-29448", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Confluence Server", "version": {"version_data": [{"version_affected": "<", "version_value": "6.13.18"}, {"version_affected": ">=", "version_value": "6.14.0"}, {"version_affected": "<", "version_value": "7.4.6"}, {"version_affected": ">=", "version_value": "7.5.0"}, {"version_affected": "<", "version_value": "7.8.3"}]}}, {"product_name": "Confluence Data Center", "version": {"version_data": [{"version_affected": "<", "version_value": "6.13.18"}, {"version_affected": ">=", "version_value": "6.14.0"}, {"version_affected": "<", "version_value": "7.4.6"}, {"version_affected": ">=", "version_value": "7.5.0"}, {"version_affected": "<", "version_value": "7.8.3"}]}}]}, "vendor_name": "Atlassian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Arbitrary File Read"}]}]}, "references": {"reference_data": [{"name": "https://jira.atlassian.com/browse/CONFSERVER-60469", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/CONFSERVER-60469"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:55:09.777Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.atlassian.com/browse/CONFSERVER-60469"}]}]}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2020-29448", "datePublished": "2021-02-18T15:08:59.028136Z", "dateReserved": "2020-12-01T00:00:00", "dateUpdated": "2024-09-17T02:31:11.206Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "55705C1C-CF3D-4CD9-9341-83820CD3471F", "versionEndExcluding": "6.13.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "69C180A5-FDF6-4F41-ACAC-46BEECF8333E", "versionEndExcluding": "7.4.6", "versionStartIncluding": "6.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CA7E7A7-B7FD-4B5B-B8BA-1A83470A6FE7", "versionEndExcluding": "7.8.3", "versionStartIncluding": "7.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC13F7E7-5DE0-4D04-BA05-4287DB34912E", "versionEndExcluding": "6.13.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "33104D47-DD3C-4068-95F6-EEFC60D7E0F8", "versionEndExcluding": "7.4.6", "versionStartIncluding": "6.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "D74D7B97-4FCB-4E7E-9C20-5AC2CF2FB2F1", "versionEndExcluding": "7.8.3", "versionStartIncluding": "7.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check."}, {"lang": "es", "value": "La clase ConfluenceResourceDownloadRewriteRule en Confluence Server y Confluence Data Center versiones anteriores a 6.13.18, desde 6.14.0 anteriores a 7.4.6 y desde 7.5.0 anteriores a 7.8.3, permit\u00eda a atacantes remotos no autenticados leer archivos arbitrarios dentro de los directorios WEB-INF y META-INF por medio de una comprobaci\u00f3n de acceso de una ruta incorrecta"}], "id": "CVE-2020-29448", "lastModified": "2022-07-27T14:03:52.773", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-22T21:15:19.460", "references": [{"source": "security@atlassian.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/CONFSERVER-60469"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}