CVE-2018-13393
published 2018-08-15CVE-2018-13393: The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed…
medium6.5CVSS 3.0
AVNACLPRNUIRSUCNIHAN
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | confluence_questions | >= unspecified < 2.6.6 | 2.6.6 |
| atlassian | questions_for_confluence | < 2.6.6 | 2.6.6 |