Description

Users can manually subscribe to pages which they are not authorized to view, hence receiving any future comments made on these pages.

Remediation

Upgrade Confluence to version 6.2.1 or above (recommended)

References

SEC Consult Vulnerability Lab Security Advisory 20170613-0

Access Restriction Bypass using watch notifications (CVE-2017-9505)

Related Vulnerabilities

WordPress Plugin AI ChatBot Information Disclosure (4.8.9)

WordPress Plugin Product Input Fields for WooCommerce Arbitrary File Download (1.2.6)

Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.3)

WordPress Plugin Super Refer A Friend Information Disclosure (1.0)

Apache 2.x version older than 2.0.48

Severity

Medium

Classification

CVE-2017-9505 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure