VYPR
Unrated severityNVD Advisory· Published Feb 18, 2021· Updated Sep 17, 2024

CVE-2020-29448

CVE-2020-29448

Description

The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Atlassian/Confluencellm-fuzzy2 versions
    before 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3+ 1 more
    • (no CPE)range: before 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3
    • (no CPE)range: unspecified
  • before 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3+ 1 more
    • (no CPE)range: before 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.