The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 prior to 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 prior to 6.9.3 (the fixed version for 6.9.x) allows remote malicious users to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
atlassian confluence |
||
atlassian confluence server |