NotCVE - vendor:"Atlassian" product:"Confluence Server" version:" >= 6.15.0

Page 3 of 22 results (0.003 seconds)

CVSS: 8.8EPSS: 78%CPEs: 3EXPL: 2

CVE-2019-3394 – Confluence Server Local File Disclosure

https://notcve.org/view.php?id=CVE-2019-3394

29 Aug 2019 — There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under /confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked on... • https://packetstorm.news/files/id/154278 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0

CVE-2018-20239

https://notcve.org/view.php?id=CVE-2018-20239

30 Apr 2019 — Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before 5.4.12, and from version 6.0.0 before 6.0.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the applinkStartingUrl parameter. The product is used as a plugin in various Atlassian products where the following are affected: Confluence before version 6.15.2, Crucible before version 4.7.0, Crowd before version 3.4.3... • https://ecosystem.atlassian.net/browse/APL-1373 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3