CVE-2018-13394

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 71.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Atlassian Confluence QuestionsAtlassian Questions FOR Confluence
Timeline
PublishedAug 15
Latest updateMay 14

Description

The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5atlassian/confluence_questionsunspecified2.6.6
NVDatlassian/questions< 2.6.6

🔴Vulnerability Details

2
GHSA
GHSA-xwh4-g756-hmwc: The acceptAnswer resource in Atlassian Confluence Questions before version 22022-05-14
CVEList
CVE-2018-13394: The acceptAnswer resource in Atlassian Confluence Questions before version 22018-08-15
CVE-2018-13394 (MEDIUM CVSS 6.5) | The acceptAnswer resource in Atlass | cvebase.io