Atlassian Confluence Server 5.7.x < 5.7.1 Remote Disclosure

medium Nessus Network Monitor Plugin ID 9643

Synopsis

The remote Confluence server is affected by a remote disclosure vulnerability.

Description

Versions of Confluence 5.7.x prior to 5.7.1 contain a flaw that is due to the program failing to restrict access to comments on files which are attached to a restricted page. This may allow remote attackers to gain access to sensitive information.

Solution

Upgrade to Confluence 5.7.x version 5.7.1 or later.

Plugin Details

Severity: Medium

ID: 9643

Family: CGI

Published: 10/14/2016

Updated: 3/6/2019

Vulnerability Information

CPE: cpe:/a:atlassian:confluence

Patch Publication Date: 3/9/2015

Vulnerability Publication Date: 4/30/2015

Detections

Analytics