CVE-2015-8399
Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities
Severity Score
4.3
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
Atlassian Confluence en versiones anteriores a 5.8.17 permite a usuarios remotos autenticados leer archivos de configuración a través del parámetro decoratorName en (1) spaces/viewdefaultdecorator.action o (2) admin/viewdefaultdecorator.action.
Atlassian Confluence suffers from cross site scripting and insecure direct object reference vulnerabilities. The cross site scripting affects versions 5.2, 5.8.14, and 5.8.15. The reference vulnerability affects versions 5.9.1, 5.8.14, and 5.8.15.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-12-02 CVE Reserved
- 2016-01-04 CVE Published
- 2023-11-28 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/537232/100/0/threaded | Mailing List |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/39170 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Atlassian Search vendor "Atlassian" | Confluence Search vendor "Atlassian" for product "Confluence" | <= 5.8.16 Search vendor "Atlassian" for product "Confluence" and version " <= 5.8.16" | - |
Affected
| ||||||