#VU23806 Man-in-the-Middle (MitM) attack in Atlassian Confluence Server - CVE-2019-15006

Cybersecurity Help s.r.o.

Published: 2019-12-24

Vulnerability identifier: #VU23806

Vulnerability risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-15006

CWE-ID: CWE-300

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Atlassian Confluence Server
Server applications / Web servers

Vendor: Atlassian

Description

The vulnerability allows a remote attacker to perform a man-in-the-middle attack.

The vulnerability exists within the Confluence Previews plugin in Confluence Server and Confluence Data Center. A remote attacker can perform a MitM attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Atlassian Confluence Server: 6.11.0 - 6.15.9, 7.0.1 - 7.0.4, 7.1.0 - 7.1.1

External links
https://confluence.atlassian.com/doc/confluence-security-advisory-2019-12-18-982324349.html
https://jira.atlassian.com/browse/CONFSERVER-59244
https://seclists.org/bugtraq/2019/Dec/36
https://twitter.com/SwiftOnSecurity/status/1202034106495832067

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

MitM attack in Atlassian Confluence Server and Data Center