Description

Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.

Remediation

References

CVE-2015-8399

Related Vulnerabilities

Nginx Improper Input Validation Vulnerability (CVE-2011-4968)

WordPress Plugin WP Easy Gallery Multiple Unspecified Vulnerabilities (2.7)

Python Inefficient Regular Expression Complexity Vulnerability (CVE-2024-7592)

Joomla! Core 3.9.x Cross-Site Scripting (3.9.0 - 3.9.23)

Oracle Application Server Incorrect Calculation of Buffer Size Vulnerability (CVE-2004-1363)

Severity

Medium

Classification

CVE-2015-8399 CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities