CVE-2019-3396: Vulnerability in Atlassian Confluence Widget...

Question

CVE-2019-3396: Vulnerability in Atlassian Confluence Widget Connector Exploited In The WildIn recent weeks, attackers have been probing for and exploiting a vulnerability in Atlassian Confluence Widget Connector on vulnerable systems to install ransomware, DDoS botnets and cryptocurrency miners.Atlassian published a Confluence Security Advisory on March 20, 2019 to announce fixes for two vulnerabilities, CVE-2019-3395 and CVE-2019-3396.CVE-2019-3395 is a critical server-side request forgery (SSRF) vulnerability in the WebDAV plugin in Confluence Server and Data Center versions released before June 18, 2018. CVE-2019-3396 is a critical server-side template injection vulnerability in Confluence Server and Data Center Widget Connector that could lead to path traversal and remote code execution.For more details about this story, please visit our blog.

snarang · Answer

Update 4/30: A list of Nessus plugins to identify these vulnerabilities can be found&nbsp;here.

Vulnerability Watch

Forum Discussion

CVE-2019-3396: Vulnerability in Atlassian Confluence Widget...

1 Reply

Recent Discussions

Oracle January 2026 Critical Patch Update Addresses 158 CVEs

CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Vulnerability

Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

CVE-2025-14847 (MongoBleed): MongoDB Memory Leak Vulnerability Exploited in the Wild

CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited

Americas

Europe

Asia / Australia