CVE-2019-3396


Basic Information

CVE State: PUBLISHED
Reserved Date: December 19, 2018
Published Date: March 25, 2019
Last Updated: February 07, 2025
Vendor: Atlassian
Product: Confluence Server
Description: The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
Tags: cisa, malware, ransomware, nuclei_scanner, metasploit_scanner

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2025-04-29 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2019-04-09 11:01:41 UTC) Source
Used in Malware: Yes (added 2021-11-03 00:00:00 UTC) Source

Known Exploited Vulnerability Information

Source: CISA
Added Date: 2021-11-03 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

confluence_widget_connector

Type: metasploit • Created: Unknown

Metasploit module for CVE-2019-3396

Avento/CVE-2019-3396-Memshell-for-Behinder

Type: github • Created: 2024-05-21 08:20:01 UTC • Stars: 2

CVE-2019-3396 Memshell for Behinder

W2Ning/CVE-2019-3396

Type: github • Created: 2019-12-12 07:40:22 UTC • Stars: 0

For test

am6539/CVE-2019-3396

Type: github • Created: 2019-11-21 03:07:08 UTC • Stars: 0

quanpt103/CVE-2019-3396

Type: github • Created: 2019-04-10 17:05:10 UTC • Stars: 0

Confluence Widget Connector RCE - ptquan

s1xg0d/CVE-2019-3396

Type: github • Created: 2019-04-10 07:39:42 UTC • Stars: 0

pyn3rd/CVE-2019-3396

Type: github • Created: 2019-04-10 02:24:29 UTC • Stars: 39

Confluence Widget Connector RCE

jas502n/CVE-2019-3396

Type: github • Created: 2019-04-10 02:22:24 UTC • Stars: 144

Confluence unauthenticated RCE (CVE-2019-3396) vulnerability

Yt1g3r/CVE-2019-3396_EXP

Type: github • Created: 2019-04-10 02:15:47 UTC • Stars: 174

CVE-2019-3396 confluence SSTI RCE

xiaoshuier/CVE-2019-3396

Type: github • Created: 2019-04-09 11:01:41 UTC • Stars: 0

x-f1v3/CVE-2019-3396

Type: github • Created: 2019-04-09 06:20:51 UTC • Stars: 22

Confluence Widget Connector path traversal (CVE-2019-3396)

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Exploit Used in Malware

  • Added to KEVIntel

  • Detected by Nuclei

  • Detected by Metasploit