Description
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it even if they do not have permission to view the page itself.
Remediation
References
Related Vulnerabilities
WordPress Plugin Filter & Grids Local File Inclusion (2.8.32)
WordPress Plugin Comments Like Dislike Security Bypass (1.1.3)
WordPress Plugin MyPixs Local File Inclusion (0.3)
WordPress Plugin Sticky Ad Bar Cross-Site Scripting (1.3.1)
WordPress Plugin Download Plugin Arbitrary Directory Download (1.0.1)