Does the security advisory released on 17th April 2019 apply to Confluence Server version 6.0.3?

Niveditha April 17, 2019

Hi Team,

I just received a Confluence security advisory warning notification from Atlassian. We have Confluence Server version 6.0.3; this version is not in the list of affected versions.

Just want to confirm with you: does the security advisory released today for Confluence Server or database affect our Confluence version 6.0.3?

Thanks!

Regards,

Niveditha

Answer accepted
Ed Gaile _Atlanta_ GA_
Community Champion
April 17, 2019

Hi Niveditha -

I believe that 6.0.3 is impacted based on the following in the release announcement:

- From version 2.0.0 before 6.6.13 (the fixed version for 6.6.x)

So, you would need to get up to version 6.6.13 at the minimum.

-Ed

Niveditha April 17, 2019

Hi Ed,

Thanks for the quick reply!

List of versions effected.PNG

I found this list in the provided link; according to this, our version is not affected. So please let us know what the impact would be.

Thank you!

Regards,

Niveditha

Daniel Eads
Atlassian Team
April 17, 2019

Hi @Niveditha ,

I can 100% confirm that all versions of 6.0.x are affected. The omission from the advisory is an error on our end, which we will correct shortly.

The impacts are outlined on the advisory itself:

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs, or to create a new space or personal space, or who has 'Admin' permissions for a space, can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center.

You will need to upgrade Confluence to a version listed on the advisory to patch the vulnerability. There is a short-term mitigation step listed in the advisory as well to protect you while you work on upgrading.

Best,
Daniel | Atlassian Support
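
The bug class named in the advisory text above (a user-controlled name steering a file write outside its intended directory), shown as an added example that is not Confluence's code and not part of the original thread. The function names, the export-directory layout and the attachment names are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def naive_target(export_dir: Path, attachment_name: str) -> Path:
    # Vulnerable pattern: the user-controlled name is joined as-is, so
    # "../" segments or an absolute path decide the final location.
    return Path(os.path.normpath(export_dir / attachment_name))


def safe_target(export_dir: Path, attachment_name: str) -> Path:
    # Hardened pattern: resolve both paths (this also follows symlinks),
    # then require the result to stay inside the export directory.
    base = export_dir.resolve()
    candidate = (base / attachment_name).resolve()
    if candidate == base or base not in candidate.parents:
        raise ValueError(f"name escapes export dir: {attachment_name!r}")
    return candidate


def export_attachments(export_dir: Path, attachments: dict) -> dict:
    """Write each attachment under export_dir and report rejected names."""
    written, rejected = [], []
    for name, data in attachments.items():
        try:
            target = safe_target(export_dir, name)
        except ValueError:
            rejected.append(name)  # worth logging: possible traversal attempt
            continue
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
        written.append(target.relative_to(export_dir.resolve()).as_posix())
    return {"written": written, "rejected": rejected}


def demo() -> dict:
    # Constructed sample input: attachment names as a user could set them.
    samples = {
        "report.pdf": b"ok",
        "notes/meeting.txt": b"ok",
        "../../outside.txt": b"x",
        "/tmp/absolute.txt": b"x",
    }
    with tempfile.TemporaryDirectory() as root:
        export_dir = Path(root) / "export"
        export_dir.mkdir()
        return export_attachments(export_dir, samples)
```

The check is made on the resolved path rather than on the raw string, so encoded or nested `..` segments that survive string filtering are still caught once the path is normalised.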

Niveditha April 17, 2019

Hi Daniel,

Thank you for the confirmation. 

Have a good one!

Regards,

Niveditha
