CVE-2020-24898 : Security Advisory and Response

This advisory covers CVE-2020-24898, a Server-Side Request Forgery (SSRF) vulnerability in the Table Filter and Charts for Confluence Server app: its impact, the technical details that are public, and the mitigation steps.

The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the "Table from CSV" macro (URL parameter).

Understanding CVE-2020-24898

This CVE describes an SSRF vulnerability in the Table Filter and Charts for Confluence Server app: user-controlled input can make the Confluence server issue HTTP requests on the attacker's behalf.

What is CVE-2020-24898?

CVE-2020-24898 is a security vulnerability in the Table Filter and Charts for Confluence Server app that enables Server-Side Request Forgery (SSRF) through the "Table from CSV" macro using the URL parameter.

The Impact of CVE-2020-24898

The vulnerability has a CVSS base score of 7.6 (high severity). Because the request is made by the Confluence server itself, it can reach hosts that are reachable from the server but not from the user, which is how SSRF leads to unauthorized access to sensitive data.

Technical Details of CVE-2020-24898

The following details describe where the vulnerability lies and the CVSS metrics that characterise how it is exploited.

Vulnerability Description

The Table Filter and Charts for Confluence Server app before version 5.3.26 allows SSRF attacks via the "Table from CSV" macro, posing a risk to the security of Atlassian Confluence instances.

Affected Systems and Versions

        Product: Table Filter and Charts for Confluence Server app (runs on Atlassian Confluence Server)
        Vendor: Not applicable
        Versions affected: all versions before 5.3.26

Exploitation Mechanism

        Attack Complexity: Low
        Attack Vector: Network
        Confidentiality Impact: High
        Integrity Impact: Low
        Privileges Required: Low
        User Interaction: None
        Scope: Unchanged

Mitigation and Prevention

Protecting systems from CVE-2020-24898 requires immediate actions and long-term security practices.

Immediate Steps to Take

        Update the Table Filter and Charts for Confluence Server app to version 5.3.26 or higher to mitigate the SSRF vulnerability.
        Monitor and restrict the external URLs the app is allowed to fetch, so that a macro URL parameter cannot be used to reach internal or otherwise unintended hosts.
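The second step above, restricting which URLs a server-side fetch may follow, is what a "Table from CSV"-style macro needs in front of every outbound request. The check below is an added example written for this advisory; it is not code from the original page, from Atlassian, or from the Table Filter and Charts app. The allowlisted hostnames, the DNS table and the demo resolver are constructed so the example runs offline; a real deployment passes socket.getaddrinfo (the default) as the resolver.

```python
import ipaddress
import socket
from typing import Callable, List, Tuple
from urllib.parse import urlparse

# Constructed allowlist: the only hosts this deployment will fetch CSV data from.
ALLOWED_HOSTS = {"data.example.com", "csv.example.org"}
ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS answers so the example runs offline (1.2.3.4 is a placeholder public address).
_DEMO_DNS = {
    "data.example.com": "1.2.3.4",     # allowlisted name that resolves to a public address
    "csv.example.org": "10.0.0.5",     # allowlisted name that points into the private network
}


def demo_resolver(host: str, port: int, **_kw) -> List[tuple]:
    """Mimics the return shape of socket.getaddrinfo for the constructed table above."""
    if host not in _DEMO_DNS:
        raise socket.gaierror(f"no such host: {host}")
    return [(socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_TCP, "", (_DEMO_DNS[host], port))]


def _is_public_ip(ip_text: str) -> bool:
    """True only for addresses outside loopback, private, link-local, multicast and reserved space."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:          # e.g. an IPv6 answer carrying a scope id we do not understand
        return False
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_outbound_url(url: str, resolver: Callable = socket.getaddrinfo) -> Tuple[bool, str]:
    """Return (allowed, reason) for a URL that a server-side macro has been asked to fetch."""
    try:
        parts = urlparse(url)
        port = parts.port                      # raises ValueError for a malformed port
    except ValueError as exc:
        return False, f"malformed URL: {exc}"
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    # "user@host" forms are a classic way to make a URL look like it points at an allowed host.
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL are not allowed"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "missing host"
    # Literal addresses never go through the allowlist, so refuse them outright.
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass
    else:
        return False, "literal IP addresses are not allowed; use an allowlisted hostname"
    if host not in ALLOWED_HOSTS:
        return False, f"host not in allowlist: {host}"
    # Resolve now and check every answer, so an allowlisted name that points inward is still refused.
    try:
        answers = resolver(host, port or (443 if scheme == "https" else 80), proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:
        return False, f"DNS resolution failed: {exc}"
    for *_meta, sockaddr in answers:
        if not _is_public_ip(sockaddr[0]):
            return False, f"{host} resolves to non-public address {sockaddr[0]}"
    return True, "ok"


if __name__ == "__main__":
    for candidate in [
        "https://data.example.com/report.csv",
        "https://csv.example.org/report.csv",
        "http://127.0.0.1:8090/",
        "http://data.example.com@10.0.0.5/report.csv",
        "ftp://data.example.com/report.csv",
        "https://other.example.net/report.csv",
    ]:
        allowed, reason = check_outbound_url(candidate, resolver=demo_resolver)
        print(f"{'ALLOW' if allowed else 'DENY '}  {candidate}  ({reason})")
```

The fetch that follows should connect to the address that was checked (pass it to the HTTP client or pin it) rather than resolving the name a second time, and it should either disable redirects or run the same check on every redirect target; otherwise the check can be bypassed by a DNS answer that changes between resolution and connection, or by a redirect from an allowed host.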

Long-Term Security Practices

        Regularly review and update security configurations for Confluence Server apps.
        Educate users on the risks of SSRF attacks and best practices for secure macro usage.

Patching and Updates

        Stay informed about security patches and updates for Confluence Server and for the Table Filter and Charts app, which is distributed through the Atlassian Marketplace.
