CURVC DevOps

페이지 트리

이 문서는 Confluence 보안 취약점 해결을 위해 Confluence를 업데이트 할 수 없는 사이트를 위해 임시조치 방법을 공유하기위해 작성되었다.


Confluence 보안 취약점

1.Confluence Security Advisory - 2019-03-20

  • 취약점 요약

Summary

March 2019 Confluence Server and Data Center Advisory - WebDAV and Widget Connector vulnerabilities

Advisory release date

20 Mar 2019 10:00 AM PDT (Pacific Time, -7 hours)

Products

  • Confluence Server

  • Confluence Data Center

Affected versions

  • All 1.x.x, 2.x.x, 3.x.x, 4.x.x and 5.x.x versions

  • All 6.0.x, 6.1.x, 6.2.x, 6.3.x, 6.4.x, and 6.5.x versions

  • All 6.6.x versions before 6.6.12

  • All 6.7.x, 6.8.x, 6.9.x, 6.10.x and 6.11.x versions

  • All 6.12.x versions before 6.12.3

  • All 6.13.x versions before 6.13.3

  • All 6.14.x versions before 6.14.2

Fixed versions

  • Version 6.6.12 and higher versions of 6.6.x

  • Version 6.12.3 and higher versions of 6.12.x

  • Version 6.13.3 and higher versions of 6.13.x

  • Version 6.14.2 and higher

CVE ID(s)

  • CVE-2019-3395

  • CVE-2019-3396

  • 임시조치 방법

컨플루언스관리 → 앱관리 → 모든 앱(webdav 검색)

WebDAV Plugin 선택하여 비활성화


Widget Connector 검색

Widget Connector 선택하여 비활성화


  • 레이블 없음

추가적인 정보를 확인하세요.