Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.
https://jira.atlassian.com/browse/CONFSERVER-52222
https://packetstormsecurity.com/files/142330/Confluence-6.0.x-Information-Disclosure.html