Description
The Confluence drafts diff REST resource exposes the current content of all blogs and pages in Confluence without authentication to anyone who supplies a page ID or draft ID. An attacker who can access the Confluence web interface of a vulnerable version can use this vulnerability to obtain the content of all blogs and pages inside Confluence, provided that they first enumerate page or draft IDs. All versions of Confluence from 6.0.0 up to, but not including, 6.0.7 are affected by this vulnerability.
Remediation
Upgrade Confluence to version 6.1.0 or above (recommended)
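To check whether the ID enumeration described above already happened before the upgrade, web access logs can be searched for anonymous clients that successfully fetched many distinct IDs from the drafts diff resource. The following is an added example, not part of the original advisory or of Atlassian's code. The resource path is a placeholder, and the log layout, the "-" user field for anonymous requests and the sample lines are assumptions.

```python
import re
from collections import defaultdict

# Assumption: placeholder, NOT the real resource path. Substitute the drafts
# diff REST path given in the vendor advisory before running on real logs.
RESOURCE_RE = re.compile(r"/rest/PLACEHOLDER/drafts/diff\b")
# Assumption: ids appear as all-digit path segments or query values.
ID_RE = re.compile(r"[/=](\d+)(?=[/&?]|$)")
# Assumed layout (common log format): client ident user [time] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def find_enumeration(lines, min_distinct_ids=3):
    """Map each unauthenticated client to the ids it fetched successfully,
    keeping only clients that reached min_distinct_ids different ids."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        if m["user"] != "-" or m["status"] != "200":
            continue  # logged-in user, or nothing was returned
        if not RESOURCE_RE.search(m["uri"]):
            continue
        seen[m["client"]].update(int(i) for i in ID_RE.findall(m["uri"]))
    return {c: sorted(ids) for c, ids in seen.items()
            if len(ids) >= min_distinct_ids}

# Constructed sample lines (documentation address ranges, made-up ids).
_P = "/rest/PLACEHOLDER/drafts/diff?id="
_T = "[10/Mar/2017:10:00:00 +0000]"
SAMPLE_LOG = [
    f'203.0.113.5 - - {_T} "GET {_P}65537 HTTP/1.1" 200 812',
    f'203.0.113.5 - - {_T} "GET {_P}65538 HTTP/1.1" 200 790',
    f'203.0.113.5 - - {_T} "GET {_P}65539 HTTP/1.1" 404 120',
    f'203.0.113.5 - - {_T} "GET {_P}65540 HTTP/1.1" 200 1033',
    f'198.51.100.7 - alice {_T} "GET {_P}65537 HTTP/1.1" 200 812',
    f'198.51.100.7 - - {_T} "GET /display/DOC/Home HTTP/1.1" 200 5120',
    "truncated line",
]

if __name__ == "__main__":
    for client, ids in find_enumeration(SAMPLE_LOG).items():
        print(f"{client}: {len(ids)} distinct ids fetched unauthenticated: {ids}")
```

Tune min_distinct_ids to the deployment: a low threshold suits a resource that anonymous users should never reach at all.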