Abstract Advisory Information
Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.
Authors: Jean-Marie Bourbon from Excellium-Services company
Common Vulnerability Scoring System
Fixed on 6.14.0 or 6.13.1
Vulnerability Disclosure Timeline
- 18/09/2018 – Vulnerability discovered.
- 19/09/2018 – BugCrowds Submission.
- 20/09/2018 – Atlassian psirt notificiation
- 24/09/2018 – Atlassian support notificatinon
- 25/09/2018 – Issue acknowledged by support -> Long Term backlog.
- 29/01/2019 – Published on Atlassian’s public issue tracke
- 28/02/2019 – Public disclosure