Atlassian released a security advisory regarding two critical vulnerabilities. Both WebDAV and the Widget Connector are vulnerable and have been actively exploited. It is therefore highly recommended that if you have Confluence running locally, you update as soon as possible.
CVE-2019-3395 and CVE-2019-3396 are the CVE numbers assigned to the WebDAV and the Widget Connector vulnerabilities, respectively. The WebDAV vulnerability allows attackers to send HTTP and WebDAV requests from the Confluence Server or Data Center instance, while the Widget Connector vulnerability allows server-side template injection if exploited successfully.
These two new vulnerabilities affect almost all versions of Confluence and should be mitigated as soon as possible. Reports on the popular social platform Reddit already confirm that these vulnerabilities are being exploited actively.
Atlassian released a security advisory containing information about which versions are affected and what you can do to mitigate the vulnerabilities.
Get A Report of All Vulnerable Confluence Installations
Our custom color-coded report can tell you in no time if your Confluence is vulnerable and needs to be patched. If you haven't already, start your free Lansweeper trial and get a list of all Confluence versions in your network.