CVE-2019-15006
First published: Thu Dec 19 2019(Updated: )
There was a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center. This plugin was used to facilitate communication with the Atlassian Companion application. The Confluence Previews plugin in Confluence Server and Confluence Data Center communicated with the Companion application via the atlassian-domain-for-localhost-connections-only.com domain name, the DNS A record of which points at 127.0.0.1. Additionally, a signed certificate for the domain was publicly distributed with the Companion application. An attacker in the position to control DNS resolution of their victim could carry out a man-in-the-middle (MITM) attack between Confluence Server (or Confluence Data Center) and the atlassian-domain-for-localhost-connections-only.com domain intended to be used with the Companion application. This certificate has been revoked, however, usage of the atlassian-domain-for-localhost-connections-only.com domain name was still present in Confluence Server and Confluence Data Center. An attacker could perform the described attack by denying their victim access to certificate revocation information, and carry out a man-in-the-middle (MITM) attack to observe files being edited using the Companion application and/or modify them, and access some limited user information.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Confluence | >=6.11.0<6.13.10 | |
| Atlassian Confluence Server | >=6.14.0<6.15.10 | |
| Atlassian Confluence Server | >=7.0.1<7.0.5 | |
| Atlassian Confluence Server | >=7.1.0<7.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/155742/Atlassian-Confluence-Man-In-The-Middle.html
- https://confluence.atlassian.com/doc/confluence-security-advisory-2019-12-18-982324349.html
- https://jira.atlassian.com/browse/CONFSERVER-59244
- https://seclists.org/bugtraq/2019/Dec/36
- https://twitter.com/SwiftOnSecurity/status/1202034106495832067
Frequently Asked Questions
What is the vulnerability ID for this Confluence Previews plugin vulnerability?
The vulnerability ID for this Confluence Previews plugin vulnerability is CVE-2019-15006.
What is the severity of CVE-2019-15006?
The severity of CVE-2019-15006 is medium with a CVSS score of 6.5.
What is the affected software for CVE-2019-15006?
The affected software for CVE-2019-15006 includes Atlassian Confluence versions 6.11.0 to 6.13.10, Atlassian Confluence Server versions 6.14.0 to 6.15.10, Atlassian Confluence Server versions 7.0.1 to 7.0.5, and Atlassian Confluence Server versions 7.1.0 to 7.1.2.
What is the vulnerability description for CVE-2019-15006?
CVE-2019-15006 is a man-in-the-middle (MITM) vulnerability present in the Confluence Previews plugin in Confluence Server and Confluence Data Center.
Is there any fix available for CVE-2019-15006?
Yes, Atlassian has released a security advisory and a patch to address the vulnerability. It is recommended to update to the latest patched version of the Confluence Previews plugin.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/atlassian
- canonical/atlassian confluence
- version/atlassian confluence/6.11.0
- canonical/atlassian confluence server
- version/atlassian confluence server/6.14.0
- version/atlassian confluence server/7.0.1
- version/atlassian confluence server/7.1.0