{"cve":{"cve_id":"CVE-2019-3396","is_kev":true,"kev_date_added":"2021-11-03","kev_vendor_project":"Atlassian","kev_product":"Confluence Server and Data Server","kev_vulnerability_name":"Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability","kev_short_description":"Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution.","kev_required_action":"Apply updates per vendor instructions.","kev_due_date":"2022-05-03","kev_known_ransomware":true,"kev_notes":"https://nvd.nist.gov/vuln/detail/CVE-2019-3396","kev_cwes":["CWE-22"],"epss_score":0.99913,"epss_percentile":0.99966,"epss_as_of":"2026-06-23","description":"The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.","published_at":"2019-03-25T18:37:06.256000Z","last_modified_at":null,"cvss_v3_score":9.8,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_v3_severity":"CRITICAL","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"active","ssvc_automatable":true,"ssvc_technical_impact":"total","cwes":["CWE-22"],"nvd_references":["https://jira.atlassian.com/browse/CONFSERVER-57974","http://packetstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.html","http://www.rapid7.com/db/modules/exploit/multi/http/confluence_widget_connector","https://www.exploit-db.com/exploits/46731/","http://packetstormsecurity.com/files/161065/Atlassian-Confluence-6.12.1-Template-Injection.html"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:31.350578Z","updated_at":"2026-06-28T23:12:45.656505Z"},"effective_severity":"CRITICAL","badges":["kev","ransomware","poc","epss"],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"confluence-server","product_name":"Confluence Server","version_start":"unspecified","version_start_inclusive":true,"version_end":"6.6.12","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:confluence-server:unspecified:6.6.12"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"confluence-server","product_name":"Confluence Server","version_start":"6.7.0","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:confluence-server:6.7.0:unspecified"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"confluence-server","product_name":"Confluence Server","version_start":"unspecified","version_start_inclusive":true,"version_end":"6.12.3","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:confluence-server:unspecified:6.12.3"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"confluence-server","product_name":"Confluence Server","version_start":"next of 6.13.0","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:confluence-server:next of 6.13.0:unspecified"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"confluence-server","product_name":"Confluence Server","version_start":"unspecified","version_start_inclusive":true,"version_end":"6.13.3","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:confluence-server:unspecified:6.13.3"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"confluence-server","product_name":"Confluence Server","version_start":"next of 6.14.0","version_start_inclusive":true,"version_end":"unspecified","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:confluence-server:next of 6.14.0:unspecified"},{"vendor_slug":"atlassian","vendor_name":"Atlassian","product_slug":"confluence-server","product_name":"Confluence Server","version_start":"unspecified","version_start_inclusive":true,"version_end":"6.14.2","version_end_inclusive":false,"cpe23_uri":"cve5:atlassian:confluence-server:unspecified:6.14.2"}],"exploit_refs":[{"source":"nuclei","kind":"nuclei","url":"https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-3396.yaml","title":"Atlassian Confluence Server - Path Traversal","author":"harshbothra_","disclosed_at":null}],"news":[],"references":[{"url":"https://jira.atlassian.com/browse/CONFSERVER-57974","source_type":"MISC","tags":[]},{"url":"http://packetstormsecurity.com/files/152568/Atlassian-Confluence-Widget-Connector-Macro-Velocity-Template-Injection.html","source_type":"EXPLOIT","tags":["exploit"]},{"url":"http://www.rapid7.com/db/modules/exploit/multi/http/confluence_widget_connector","source_type":"MISC","tags":[]},{"url":"https://www.exploit-db.com/exploits/46731/","source_type":"EXPLOIT","tags":["exploit"]},{"url":"http://packetstormsecurity.com/files/161065/Atlassian-Confluence-6.12.1-Template-Injection.html","source_type":"EXPLOIT","tags":["exploit"]}],"timeline":[{"type":"published","at":"2019-03-25T18:37:06.256000Z","label":"CVE published","source":null},{"type":"cisa_reported","at":"2021-11-03T00:00:00Z","label":"Added to CISA KEV catalog","source":"kev"},{"type":"poc_available","at":"2026-06-24T00:29:48.638073Z","label":"Public PoC available","source":"nuclei"},{"type":"ssvc_changed","at":"2026-06-24T00:31:24.982914Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:24.982914Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-24T00:31:24.982914Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:24.982914Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:24.982914Z","label":"CVSS score revised","source":"vulnrichment"},{"type":"cvss_changed","at":"2026-06-24T00:31:24.982914Z","label":"CVSS score revised","source":"vulnrichment"}]}