Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Confluence Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7415)

Description

Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.

Remediation

References

Related Vulnerabilities

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-3591)

XWikiplatform Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-31986)

Next.js Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-46982)

Oracle Database Server CVE-2006-0283 Vulnerability (CVE-2006-0283)

WordPress Plugin Tutor LMS-eLearning and online course solution Security Bypass (2.6.1)

Severity

High

Classification

CVE-2017-7415 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities