Detections
Analytics
Atlassian Confluence Server 5.9.x < 5.9.14 Secret Key Disclosure
medium Nessus Network Monitor Plugin ID 9649
Synopsis
The remote Confluence server is affected by a secret key disclosure vulnerability.Description
Versions of Confluence 5.9.x prior to 5.9.14 are affected by a flaw that may result in the secret key used for linked instance communication being exposed. This may allow an authenticated remote attacker to disclose it and gain full control over a linked HipChat instance.Solution
Upgrade to Confluence 5.9.x version 5.9.14 or later.See Also
https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html
Plugin Details
Severity: Medium
ID: 9649
Family: CGI
Published: 10/14/2016
Updated: 3/6/2019
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 4
Temporal Score: 3.5
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS v3
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 4.1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:atlassian:confluence
Patch Publication Date: 9/21/2016
Vulnerability Publication Date: 9/21/2016
Reference Information
CVE: CVE-2016-6668
BID: 93159