CVE-2017-7415Sensitive Information Exposure in Atlassian Confluence Server

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
7.5HIGHNVD
EPSS
1.1%
top 22.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Atlassian Confluence Server
Timeline
PublishedApr 27
Latest updateMay 13

Description

Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDatlassian/confluence_server7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-4vqv-x2v3-2m47: Atlassian Confluence 62022-05-13
CVEList
CVE-2017-7415: Atlassian Confluence 62017-04-27
CVE-2017-7415 — Sensitive Information Exposure | cvebase