漏洞类别:CGI
漏洞等级:
漏洞信息
Confluence is a team collaboration software. Written in Java and mainly used in corporate environments, it is developed and marketed by Atlassian.
The vulnerability exists because the Confluence drafts diff REST resource incorrectly makes the current content of all blogs and pages in Confluence available without authentication by providing a page id or draft id. An unauthenticated, remote attacker to gain access to sensitive information.
Affected Versions:
Atlassian Confluence 6.0.x versions prior to 6.0.7
漏洞危害
Successful exploitation allows unauthenticated, remote attackers to gain access to sensitive information which may aid in launching further attacks.
解决方案
Customers are advised to upgrade to Atlassian Confluence 6.0.7, 6.1.0, 6.1.1 or later versions to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论