Description
Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
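A defender-side check for the issue described above, as an added example that is not part of the original advisory or Atlassian code: it tests a version string against 5.8.17 and lists access-log requests that pass decoratorName to either action so the values can be reviewed. The combined log format, the optional context path, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# The two actions named in the description. A context path such as
# /confluence may precede them (assumption about the deployment).
ACTION_RE = re.compile(r"/(?:spaces|admin)/viewdefaultdecorator\.action$")
# Leading fields of a combined-format access log line (assumed log format).
LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
FIXED = (5, 8, 17)  # first version outside the affected range, per the description

def is_affected(version):
    """True when a Confluence version string is below 5.8.17."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return parts + (0,) * (3 - len(parts)) < FIXED

def find_decorator_requests(lines):
    """Return one record per logged request that sends decoratorName to either action.

    Only query-string parameters are visible in an access log; a parameter
    sent in a POST body will not appear here.
    """
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        client, user, when, _method, target, status = m.groups()
        url = urlsplit(target)
        # Decode the path and drop any ;jsessionid=... suffix before matching.
        path = unquote(url.path).split(";", 1)[0]
        if not ACTION_RE.search(path):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("decoratorName", []):
            hits.append({"client": client, "user": user, "time": when,
                         "path": path, "decoratorName": value, "status": int(status)})
    return hits

# Constructed sample lines (documentation address ranges, placeholder values).
SAMPLE = [
    '192.0.2.10 - alice [01/Jan/2016:10:00:00 +0000] "GET /confluence/spaces/viewdefaultdecorator.action?decoratorName=constructed%2Dvalue HTTP/1.1" 200 512',
    '192.0.2.11 - bob [01/Jan/2016:10:01:00 +0000] "GET /confluence/dashboard.action HTTP/1.1" 200 900',
    '198.51.100.7 - carol [01/Jan/2016:10:02:00 +0000] "GET /admin/viewdefaultdecorator.action;jsessionid=X?decoratorName=other HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for hit in find_decorator_requests(SAMPLE):
        print(hit)
```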
Remediation
References