Detections
Analytics
Atlassian Confluence Server 5.7.x < 5.7.1 Remote Disclosure
medium Nessus Network Monitor Plugin ID 9643
Synopsis
The remote Confluence server is affected by a remote disclosure vulnerability.Description
Versions of Confluence 5.7.x prior to 5.7.1 contain a flaw that is due to the program failing to restrict access to comments on files which are attached to a restricted page. This may allow remote attackers to gain access to sensitive information.Solution
Upgrade to Confluence 5.7.x version 5.7.1 or later.See Also
https://jira.atlassian.com/browse/CONF-36708
Plugin Details
Severity: Medium
ID: 9643
Family: CGI
Published: 10/14/2016
Updated: 3/6/2019
Risk Information
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 4.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Temporal Score: 5.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:atlassian:confluence
Patch Publication Date: 3/9/2015
Vulnerability Publication Date: 4/30/2015