CVE-2018-20237

Опубликовано: 13 фев. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.

Ссылки

http://www.securityfocus.com/bid/107041
Third Party Advisory
VDB Entry
https://jira.atlassian.com/browse/CONFSERVER-57814
Issue Tracking
Vendor Advisory
https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20237/
Third Party Advisory
http://www.securityfocus.com/bid/107041
Third Party Advisory
VDB Entry
https://jira.atlassian.com/browse/CONFSERVER-57814
Issue Tracking
Vendor Advisory
https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20237/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*

Версия до 6.13.1 (исключая)

cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*

Версия от 6.13.2 (включая) до 6.14.0 (исключая)

cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*

Версия до 6.13.1 (исключая)

cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*

Версия от 6.13.2 (включая) до 6.14.0 (исключая)

EPSS

Процентиль: 67%

0.00563

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-668

Связанные уязвимости

GHSA-6cff-mj8v-fvr9