
Atlassian Confluence Server 5.7.x < 5.7.6 Remote Disclosure

Severity: Medium

Synopsis

The remote Confluence server is affected by a remote disclosure vulnerability.

Description

Versions of Confluence 5.7.x prior to 5.7.6 contain an insecure direct object reference flaw in the '/viewdefaultdecorator.action' script, which does not properly restrict requests for files passed via the 'decoratorName' parameter. This may allow an authenticated remote attacker to read configuration files.

Solution

Upgrade to Confluence 5.7.x version 5.7.6 or later.
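
The following is an added example, not part of the original advisory or of any vendor tooling: a check for the affected version range from the Solution, plus an access-log review that lists requests to '/viewdefaultdecorator.action' whose 'decoratorName' value is outside an operator-supplied baseline. The combined log format, the sample log lines and the baseline value are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ACTION = "/viewdefaultdecorator.action"  # script named in the advisory
PARAM = "decoratorName"                  # parameter named in the advisory

# Assumed combined log format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')

def is_affected(version):
    """True for Confluence 5.7.x releases earlier than 5.7.6."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    parts += [0] * (3 - len(parts))
    return parts[:2] == [5, 7] and parts[2] < 6

def hunt(lines, expected):
    """Return (ip, user, status, value) for decoratorName values not in `expected`."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, user, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(ACTION):
            continue
        # parse_qs URL-decodes values, so encoded and plain forms compare equal
        for value in parse_qs(url.query).get(PARAM, []):
            if value not in expected:
                hits.append((ip, user, int(status), value))
    return hits

# Constructed sample data (not from a real server)
SAMPLE_LOG = [
    '192.0.2.10 - alice [12/Mar/2015:10:01:22 +0000] "GET /viewdefaultdecorator.action?decoratorName=decorators%2Fmain.vmd HTTP/1.1" 200 5120',
    '192.0.2.44 - bob [12/Mar/2015:10:03:05 +0000] "GET /viewdefaultdecorator.action?decoratorName=conf%2Fexample-settings.xml HTTP/1.1" 200 2048',
    '192.0.2.10 - alice [12/Mar/2015:10:04:00 +0000] "GET /dashboard.action HTTP/1.1" 200 900',
]
EXPECTED = {"decorators/main.vmd"}  # assumed baseline of decorator names in normal use

if __name__ == "__main__":
    print("5.7.5 affected:", is_affected("5.7.5"))
    for hit in hunt(SAMPLE_LOG, EXPECTED):
        print("review:", hit)
```

A 200 status on a flagged request means the server returned content for that value, so those entries are the ones to review first.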