HomePentest-Tools.com Logo

Atlassian Confluence Information Disclosure Vulnerability CVE-2017-7415

Severity
CVSSv3 Score
7.5
Vulnerability description

Atlassian Confluence is prone to an information disclosure vulnerability.

Risk description

The Confluence drafts diff rest resource made the current content of all blogs and pages in Confluence available without authentication by providing a page id or draft id. Attackers who can access the Confluence web interface of a vulnerable version can use this vulnerability to obtain the content of all blogs and pages inside Confluence provided that they first enumerate page or draft ids.

Recommendation

Update to version 6.0.7 or later versions.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Apr 27, 2017
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available