Synopsis
Atlassian Confluence < 6.6.12 / 6.7.x < 6.12.3 / 6.13.x < 6.13.3 / 6.14.x < 6.14.2 Template Injection
Description
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12, 6.7.0 < 6.12.3, 6.13.0 < 6.13.3 and 6.14.0 < 6.14.2 allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
This vulnerability has been verified using a remote check and should be remediated immediately.
Solution
Upgrade to Atlassian Confluence version 6.6.12, 6.12.3, 6.13.3, 6.14.2, 6.15.1 or later.