Unrated severity · NVD Advisory · Published Jul 3, 2019 · Updated Aug 4, 2024

CVE-2019-10100

Description

JetBrains YouTrack Confluence plugin before 1.8.1.3 is vulnerable to SSTI via the Issue macro's link-text-template field, enabling remote code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The JetBrains YouTrack Confluence plugin in versions prior to 1.8.1.3 contains a Server-Side Template Injection (SSTI) vulnerability. An attacker who can add an Issue macro to a Confluence page can inject template code through the macro's link-text-template field; supplying a valid id field alongside it is what reaches the vulnerable code path [1].

Exploitation

The attacker must be able to create or edit a Confluence page containing the Issue macro. The exploit requires only a valid issue ID and a crafted value in the link-text-template field; no privilege beyond standard Confluence page-editing rights is needed. The template string supplied in the link-text-template parameter is evaluated by the server-side template engine without adequate sanitization [1].

Impact

Successful exploitation gives the attacker remote code execution on the Confluence server. This amounts to full compromise of the application server, including potential access to sensitive data, modification of configuration, and a foothold for lateral movement within the infrastructure [1].

Mitigation

The vulnerability is fixed in YouTrack Confluence plugin version 1.8.1.3, released as part of the JetBrains Q1 2019 security bulletin. Users should upgrade to this version or later. No workaround is documented; the only mitigation is to apply the update [1].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0

No patches discovered yet.

Vulnerability mechanics

No source-code context is available for this CVE. The mechanics section is only generated when the actual fix diff can be read; without it, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References: 1

News mentions: 0

No linked articles in our index yet.