CVE-2018-20237

by adidionxlm

Abstract Advisory Information

Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the Word export feature.

Authors: Jean-Marie Bourbon (Excellium-Services)

Version affected

Name: Confluence
Versions: 6.12.0

Common Vulnerability Scoring System

3.1
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Patches

Fixed in 6.14.0 or 6.13.1.

References

https://jira.atlassian.com/browse/CONFSERVER-57814

Vulnerability Disclosure Timeline

  • 18/09/2018 – Vulnerability discovered.
  • 19/09/2018 – Bugcrowd submission.
  • 20/09/2018 – Atlassian PSIRT notification.
  • 24/09/2018 – Atlassian support notification.
  • 25/09/2018 – Issue acknowledged by support -> Long Term backlog.
  • 29/01/2019 – Published on Atlassian’s public issue tracker.
  • 28/02/2019 – Public disclosure