Description
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it even if they do not have permission to view the page itself.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce Customers Manager Multiple Vulnerabilities (26.5)
e107 Other Vulnerability (CVE-2004-2031)
Perl Out-of-bounds Write Vulnerability (CVE-2018-6913)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1000399)
WordPress Plugin Social Media Flying Icons-Floating Social Media Icon Cross-Site Scripting (2.1)