Description
Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
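As an added illustration (not part of the original advisory or Atlassian's code), the following defender-side sketch checks whether a version string falls in the affected range and scans access-log lines for requests to the two named actions whose decoratorName value is not an expected decorator. The log format (combined-style), the allowlist entry, and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoints, parameter and fixed release as named in the description above.
ENDPOINTS = ("spaces/viewdefaultdecorator.action", "admin/viewdefaultdecorator.action")
PARAM = "decoratorName"
FIXED = (5, 8, 17)
# Assumption: decorator names legitimately viewed on this site (hypothetical value).
EXPECTED_DECORATORS = {"example-decorator"}

# Client, authenticated user, request target and status from a combined-style log line.
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')

def is_affected(version: str) -> bool:
    """True if a dotted Confluence version is older than 5.8.17."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    parts += (0,) * (3 - len(parts))  # treat "5.8" as 5.8.0
    return parts < FIXED

def suspicious_requests(lines):
    """Return (client, user, decoratorName, status) for unexpected decoratorName values."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, user, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith(ENDPOINTS):
            continue
        # parse_qs URL-decodes values, so encoded variants are compared in decoded form.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if value not in EXPECTED_DECORATORS:
                hits.append((client, user, value, int(status)))
    return hits

# Constructed sample log lines (not from a real system).
SAMPLE = [
    '192.0.2.10 - alice [10/Jan/2016:10:00:01 +0000] "GET /spaces/viewdefaultdecorator.action?decoratorName=example-decorator HTTP/1.1" 200 5120',
    '192.0.2.44 - bob [10/Jan/2016:10:02:17 +0000] "GET /admin/viewdefaultdecorator.action?decoratorName=conf%2Fexample-settings.xml HTTP/1.1" 200 2048',
    '192.0.2.10 - alice [10/Jan/2016:10:03:40 +0000] "GET /dashboard.action HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print(is_affected("5.8.16"), suspicious_requests(SAMPLE))
```

Because the issue requires an authenticated user, the user field in each hit identifies the account to review.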
Remediation
References