4 matches found
Atlassian Confluence CVE-2017-9505 Security Bypass Vulnerability
Atlassian Confluence is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2017-9505
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can log in to Confluence could receive workbox notifications, which contain the content of comments, for comments add...
CVE-2017-9505
Atlassian Confluence versions 4.3.0 up to 6.2.1 are vulnerable to an access-control bypass when creating a workbox notification for new comments. The root cause is a failure to verify a viewer’s permission for the page, allowing an authenticated attacker who can log in to receive workbox notifica...
Access Restriction Bypass using watch notifications (CVE-2017-9505)
Confluence did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can log in to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it...