History: Jun 15, 2017 - 4:00 p.m.

CVE-2017-9505

2017-06-15 16:00:00
atlassian
www.cve.org
AI Score: 4.4
Confidence: High
EPSS: 0.001
Percentile: 51.1%

Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can log in to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it, even if they do not have permission to view the page itself.

CNA Affected

[
  {
    "product": "Confluence Server",
    "vendor": "Atlassian",
    "versions": [
      {
        "status": "affected",
        "version": "Versions of Confluence starting with 4.3.0 before 6.2.1 are affected by this vulnerability."
      }
    ]
  }
]
