CVE-2020-35122
📋 TL;DR
This vulnerability allows authenticated Confluence users to bypass access controls in the Keysight Database Connector plugin and execute arbitrary SQL queries against the connections saved in the plugin's configuration. Any Confluence server running a plugin version earlier than 1.5.0 is affected. Attackers could potentially read, modify, or delete the contents of the connected databases.
💻 Affected Systems
- Keysight Database Connector plugin for Confluence
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of connected databases including data theft, data destruction, or lateral movement to other systems via database connections.
Likely Case
Unauthorized data access and potential data manipulation in connected databases, leading to data breaches or integrity issues.
If Mitigated
Limited impact if proper database permissions are configured and sensitive data is segregated.
🎯 Exploit Status
Exploitation requires authenticated Confluence access but SQL injection is straightforward once access controls are bypassed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.5.0
Vendor Advisory: https://bitbucket.org/keysight/keysight-plugins-for-atlassian-products/wiki/Confluence%20Plugins/Database%20Plugin
Restart Required: Yes
Instructions:
1. Log into Confluence as an administrator.
2. Go to Manage apps/add-ons.
3. Find the Keysight Database Connector plugin.
4. Update to version 1.5.0 or later.
5. Restart the Confluence service.
🔧 Temporary Workarounds
Disable plugin
- Temporarily disable the vulnerable plugin until patching is possible.
- Navigate to Confluence admin > Manage apps > Find Keysight Database Connector > Disable.
Restrict database permissions
- Configure database connections with the minimal required permissions.
- Review and modify the database user permissions so that only the necessary operations are allowed.
🧯 If You Can't Patch
- Remove or disable all saved database connection profiles in the plugin configuration
- Implement network segmentation to isolate Confluence servers from sensitive databases
🔍 How to Verify
Check if Vulnerable:
The installation is vulnerable if the Keysight Database Connector version shown in the Confluence admin panel under Manage apps/add-ons is earlier than 1.5.0.
Check Version:
Check via the Confluence web interface: Admin > Manage apps > Find Keysight Database Connector (the version is listed on the plugin's entry).
Verify Fix Applied:
Verify in the Confluence admin panel that the installed plugin version is 1.5.0 or higher.
📡 Detection & Monitoring
Log Indicators:
- Unusual database query patterns from Confluence application logs
- Multiple failed SQL queries or syntax errors from plugin
Network Indicators:
- Unexpected database connections from Confluence server
- Unusual SQL traffic patterns
SIEM Query:
source="confluence.log" AND "Keysight Database Connector" AND ("SQL" OR "database" OR "query")
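The SIEM query above and the "multiple failed SQL queries from the plugin" log indicator, applied to a few constructed Confluence-style log lines, plus a check of the installed version against the 1.5.0 fix. This is an added example, not code from the page or from the plugin vendor; the log line format, the `user=` and `profile=` fields, and the alert threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in a Confluence-like layout; not real plugin output.
SAMPLE_LOG = """\
2020-12-10 09:14:02,113 INFO [http-nio-8090-exec-3] [Keysight Database Connector] user=jdoe profile=hr-db query executed
2020-12-10 09:14:05,442 ERROR [http-nio-8090-exec-3] [Keysight Database Connector] user=jdoe profile=hr-db SQL syntax error in statement
2020-12-10 09:14:06,001 ERROR [http-nio-8090-exec-4] [Keysight Database Connector] user=jdoe profile=hr-db SQL syntax error: unexpected token
2020-12-10 09:14:09,777 INFO [http-nio-8090-exec-5] [com.atlassian.confluence.search] user=asmith page indexed
2020-12-10 09:15:30,120 ERROR [http-nio-8090-exec-6] [Keysight Database Connector] user=asmith profile=crm-db database query failed
"""

PLUGIN_TAG = "Keysight Database Connector"
KEYWORDS = ("sql", "database", "query")          # the OR terms of the SIEM query
USER_RE = re.compile(r"\buser=(\S+)")            # assumed field layout
FIXED_VERSION = (1, 5, 0)                        # patch version from the advisory


def matches_siem_query(line: str) -> bool:
    """Same predicate as the SIEM query: plugin name AND any SQL-related keyword."""
    lower = line.lower()
    return PLUGIN_TAG in line and any(k in lower for k in KEYWORDS)


def sql_errors_per_user(log_text: str) -> Counter:
    """Count plugin ERROR lines per user: the 'multiple failed SQL queries' indicator."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        if not matches_siem_query(line) or " ERROR " not in line:
            continue
        m = USER_RE.search(line)
        counts[m.group(1) if m else "<unknown>"] += 1
    return counts


def users_over_threshold(log_text: str, threshold: int = 2) -> list:
    """Users whose plugin error count reaches the (site-specific) threshold."""
    return sorted(u for u, n in sql_errors_per_user(log_text).items() if n >= threshold)


def is_vulnerable_version(version: str) -> bool:
    """True when the installed plugin version is below the fixed 1.5.0."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    parts += [0] * (3 - len(parts))              # "1.5" compares as 1.5.0
    return tuple(parts) < FIXED_VERSION


if __name__ == "__main__":
    print(sql_errors_per_user(SAMPLE_LOG))
    print(users_over_threshold(SAMPLE_LOG))
    print(is_vulnerable_version("1.4.2"), is_vulnerable_version("1.5.0"))
```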