Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-8399

CWE-200Information Exposure5 documents5 sources
Severity
4.3MEDIUM
EPSS
93.0%
top 0.21%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Atlassian Confluence
Timeline
PublishedApr 11
Latest updateMay 14

Description

Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-hpfx-3gj7-8gfg: Atlassian Confluence before 52022-05-14
CVEList
CVE-2015-8399: Atlassian Confluence before 52016-04-11

💥Exploits & PoCs

2
Exploit-DB
Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities2016-01-05
Nuclei
Atlassian Confluence <5.8.17 - Information Disclosure
CVE-2015-8399 (MEDIUM CVSS 4.3) | Atlassian Confluence before 5.8.17 | cvebase.io