Description

Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.

Remediation

References

CVE-2017-7415

Related Vulnerabilities

PHP Out-of-bounds Read Vulnerability (CVE-2015-2326)

WEBrick v.1.3 directory traversal

MySQL CVE-2024-21272 Vulnerability (CVE-2024-21272)

WordPress Plugin Timetable and Event Schedule by MotoPress Unspecified Vulnerability (2.4.3)

ProjectSend Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9783)

Severity

High

Classification

CVE-2017-7415 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities