4 matches found
Atlassian Confluence 6.1.x < 6.6.16 Local File Disclosure
According to its self-reported version number, the Atlassian Confluence application running on the remote host is 6.1.x /confluence/WEB-INF/ directory and it's subdirectories. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...
Local File Disclosure via Word Export in Confluence Server - CVE-2019-3394
Confluence Server and Data Center had a local file disclosure vulnerability in the page export function. A remote attacker who has Add Page space permission would be able to read arbitrary files in the /confluence/WEB-INF/ directory and it's subdirectories, which may contain configuration files...
Users with only View Space permission are able to edit Space Questions
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46923. panel h2. Problem Summary Users are able to edit any Space Questions as long as they have View permissions for that space...
Partial space admin permission/authority
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-15172. panel I followed these guidelines, but this is not fine grained enough...