CVE-2015-8399
published 2016-04-11CVE-2015-8399: Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1)…
PriorityP345medium4.3CVSS 3.0
AVNACLPRLUINSUCLINAN
EXPLOIT
EPSS
61.11%
99.0th percentile
Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | confluence | <= 5.8.16 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →HTTP GET request to /spaces/viewdefaultdecorator.action or /admin/viewdefaultdecorator.action with a decoratorName parameter containing a config file path; a 200 response body containing both 'confluence-init.properties' and 'View Default Decorator' confirms successful exploitation. ↗
- →Shodan queries to identify exposed Atlassian Confluence instances: http.component:"Atlassian Confluence" or cpe:"cpe:2.3:a:atlassian:confluence". ↗
- →The vulnerability is an Insecure Direct Object Reference (IDOR) allowing any authenticated user to read arbitrary configuration files by supplying file paths as the decoratorName parameter value. ↗
- ·Exploitation requires authentication; the attacker must be a remote authenticated user to trigger the information disclosure. ↗
- ·Affected versions are Confluence before 5.8.17; the vulnerability was confirmed fixed in version 5.8.17. ↗
CVSS provenance
nvdv3.04.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities
exploitdb·2016-01-05·CVSS 6.1
CVE-2015-8399 [MEDIUM] Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities
Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities
---
[Systems Affected]
Product : Confluence
Company : Atlassian
Versions (1) : 5.2 / 5.8.14 / 5.8.15
CVSS Score (1) : 6.1 / Medium (classified by vendor)
Versions (2) : 5.9.1 / 5.8.14 / 5.8.15
CVSS Score (2) : 7.7 / High (classified by vendor)
[Product Description]
Confluence is team collaboration software, where you create,
organize and discuss work with your team. it is developed and marketed
by Atlassian.
[Vulnerabilities]
Two vulnerabilities were identified within this application:
(1) Reflected Cross-Site Scripting (CVE-2015-8398)
(2) Insecure Direct Object Reference (CVE-2015-8399)
[Advisory Timeline]
26/Oct/2015 - Discovery and vendor notification
26/Oct/2015 - Vendor replied for Cross-Site Scripting (SEC-490)
Nuclei
Atlassian Confluence <5.8.17 - Information Disclosure
nuclei·CVSS 4.3
CVE-2015-8399 [MEDIUM] Atlassian Confluence <5.8.17 - Information Disclosure
Atlassian Confluence <5.8.17 - Information Disclosure
Atlassian Confluence before 5.8.17 contains an information disclsoure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
Template:
id: CVE-2015-8399
info:
name: Atlassian Confluence <5.8.17 - Information Disclosure
author: princechaddha
severity: medium
description: Atlassian Confluence before 5.8.17 contains an information disclsoure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
impact: |
An attacker can exploit this vulnerability to gain access to sensitive
Recorded Future
Analyze Recent Atlassian Vulnerabilities and Keep Your Infrastructure Protected
blogs_recorded_future·CVSS 9.6
[CRITICAL] Analyze Recent Atlassian Vulnerabilities and Keep Your Infrastructure Protected
# Analyze Recent Atlassian Vulnerabilities and Keep Your Infrastructure Protected
For years, software solutions built by Atlassian have found their way to nearly every organization's software stack. Tools such as JIRA, Confluence, Bamboo, and BitBucket are often seen playing a crucial role in various departments across enterprises.
From managing projects or handling organization-wide documentation, to hosting the very code of a product being developed by the organization, the constant reliance upon and amount of historical data held within these applications have turned them into a lucrative target for attackers, expanding the attack surface in the process.
## Historical Atlassian Vulnerabilities
Traditionally, vulnerabilities within the Atlassian software stack have originated from di
Greynoiseio
Spike in Atlassian Exploitation Attempts: Patching is Crucial
blogs_greynoiseio
Spike in Atlassian Exploitation Attempts: Patching is Crucial
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
2016-04-11
Published