이 문서는 Confluence 보안 취약점 해결을 위해 Confluence를 업데이트 할 수 없는 사이트를 위해 임시조치 방법을 공유하기위해 작성되었다.
Confluence 보안 취약점
1.Confluence Security Advisory - 2019-03-20
Summary | March 2019 Confluence Server and Data Center Advisory - WebDAV and Widget Connector vulnerabilities |
---|
Advisory release date | 20 Mar 2019 10:00 AM PDT (Pacific Time, -7 hours) |
---|
Products | Confluence Server Confluence Data Center
|
---|
Affected versions | All 1.x.x, 2.x.x, 3.x.x, 4.x.x and 5.x.x versions All 6.0.x, 6.1.x, 6.2.x, 6.3.x, 6.4.x, and 6.5.x versions All 6.6.x versions before 6.6.12 All 6.7.x, 6.8.x, 6.9.x, 6.10.x and 6.11.x versions All 6.12.x versions before 6.12.3 All 6.13.x versions before 6.13.3 All 6.14.x versions before 6.14.2
|
---|
Fixed versions | Version 6.6.12 and higher versions of 6.6.x Version 6.12.3 and higher versions of 6.12.x Version 6.13.3 and higher versions of 6.13.x Version 6.14.2 and higher
|
---|
CVE ID(s) | CVE-2019-3395 CVE-2019-3396
|
---|
컨플루언스관리 → 앱관리 → 모든 앱(webdav 검색)
WebDAV Plugin 선택하여 비활성화
Widget Connector 검색
Widget Connector 선택하여 비활성화