Description

Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.

Remediation

References

CVE-2018-20237

Related Vulnerabilities

WordPress Plugin Xerte Online 'save.php' Arbitrary File Upload (0.32)

WordPress Plugin Elementor Website Builder Arbitrary File Upload (2.7.4)

WordPress Plugin Quotes Collection Cross-Site Request Forgery (1.5.5.1)

Joomla URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-24598)

WordPress Plugin LearnDash LMS SQL Injection (3.1.5)

Severity

Medium

Classification

CVE-2018-20237 CWE-200 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities