Unrated severityNVD Advisory· Published Feb 18, 2021· Updated Sep 17, 2024
CVE-2020-29448
CVE-2020-29448
Description
The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4before 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3+ 1 more
- (no CPE)range: before 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3
- (no CPE)range: unspecified
before 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3+ 1 more
- (no CPE)range: before 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
1- jira.atlassian.com/browse/CONFSERVER-60469mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.