Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Confluence Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7415)

Description

Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.

Remediation

References

Related Vulnerabilities

WordPress Plugin WP Add Mime Types Cross-Site Request Forgery (2.2.1)

Moodle Other Vulnerability (CVE-2011-4586)

MySQL CVE-2018-2767 Vulnerability (CVE-2018-2767)

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.5)

WordPress Plugin VDZ VERIFICATION (Custom Meta Tags) Cross-Site Scripting (1.3.12)

Severity

High

Classification

CVE-2017-7415 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities