
Atlassian Confluence Server 5.7.x < 5.7.6 Remote Disclosure



The remote Confluence server is affected by a remote disclosure vulnerability.


Versions of Confluence 5.7.x prior to 5.7.6 contain an insecure direct object reference flaw in the '/viewdefaultdecorator.action' script, which does not properly restrict requests for files passed via the 'decoratorName' parameter. This may allow an authenticated remote attacker to read configuration files.


Upgrade to Confluence 5.7.x version 5.7.6 or later.
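
Until the upgrade is in place, web access logs can be reviewed for unusual use of the 'decoratorName' parameter described above. The following detection sketch is an added example, not part of the original advisory or of any vendor tooling. It assumes combined-format access logs and that legitimate 'decoratorName' values are Velocity decorator templates ending in '.vmd'; the sample log lines and file names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/viewdefaultdecorator.action"
PARAM = "decoratorName"
# Assumption: a legitimate decorator name is a relative path to a .vmd template.
ALLOWED = re.compile(r"^/?[\w\-/]+\.vmd$")
# Request line and status code as they appear in combined log format.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample log lines (documentation IP ranges, invented users and files).
SAMPLE_LOG = [
    '198.51.100.7 - alice [10/Mar/2015:10:01:02 +0000] "GET /admin/viewdefaultdecorator.action?decoratorName=decorators/main.vmd HTTP/1.1" 200 5120',
    '203.0.113.9 - bob [10/Mar/2015:10:05:40 +0000] "GET /spaces/viewdefaultdecorator.action?decoratorName=conf/example-settings.xml HTTP/1.1" 200 2048',
    '203.0.113.9 - bob [10/Mar/2015:10:05:44 +0000] "GET /spaces/viewdefaultdecorator.action?decoratorName=conf%252Fexample-settings.xml HTTP/1.1" 200 2048',
    '198.51.100.7 - alice [10/Mar/2015:10:06:00 +0000] "GET /dashboard.action HTTP/1.1" 200 900',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (client, decoded decoratorName, status) for non-template requests."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue  # not a parsable request line
        url = urlsplit(match.group(1))
        if not url.path.endswith(ENDPOINT):
            continue  # only the affected script is of interest
        # parse_qs decodes once; fully_decode handles further encoding layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            name = fully_decode(raw)
            if not ALLOWED.match(name):
                hits.append((line.split()[0], name, int(match.group(2))))
    return hits

if __name__ == "__main__":
    for client, name, status in suspicious_requests(SAMPLE_LOG):
        print(f"{client} requested decoratorName={name!r} (HTTP {status})")
```

A hit with a 200 status on a server running a 5.7.x version earlier than 5.7.6 is worth following up, since the advisory states that the request must be authenticated and the log line names the account.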