WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Confluence Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6668)

Description

The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages.

Remediation

References

Related Vulnerabilities

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3732)

Oracle JRE CVE-2014-0455 Vulnerability (CVE-2014-0455)

MySQL CVE-2014-4274 Vulnerability (CVE-2014-4274)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2607)

WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.18)

Severity

High

Classification

CVE-2016-6668 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities