Description
Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.
References (3)
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://jira.atlassian.com/browse/CONFSERVER-52222
Exploit, Third Party Advisory, VDB Entry x_refsource_confirm
https://packetstormsecurity.com/files/142330/Confluence-6.0.x-Information-Disclosure.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97961
Scores
CVSS v3: 7.5
EPSS: 0.0109
EPSS Percentile: 78.2%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-200
Status: published
Products (7)
atlassian/confluence_server 6.0.0
atlassian/confluence_server 6.0.1
atlassian/confluence_server 6.0.2
atlassian/confluence_server 6.0.3
atlassian/confluence_server 6.0.4
atlassian/confluence_server 6.0.5
atlassian/confluence_server 6.0.6
Published: Apr 27, 2017
Tracked Since: Feb 18, 2026