CVE-2017-9505
published 2017-06-15CVE-2017-9505: Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it even if they do not have permission to view the page itself.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | confluence | >= 4.3 < 6.2.1 | 6.2.1 |
| atlassian | confluence_server | — | — |