CVE-2017-9505 in Confluenceinformazioni

Riassunto

di MITRE

Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it even if they do not have permission to view the page itself.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

07/06/2017

Divulgazione

15/06/2017

Moderazione

accettato

Voce

VDB-102564

CPE

pronto

CWE

CWE-200 (confermato)

CVSS

6.5 (NVD)

EPSS

0.01264

KEV

Attività

molto basso

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-9505
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-9505
CVE Details	https://www.cvedetails.com/cve/CVE-2017-9505/

◂ Precedente Visione D'ensemble Il prossimo ▸

Do you need the next level of professionalism?

Upgrade your account now!