CVE-2017-7415
Confluence 6.0.x Information Disclosure
Public Exploits: 1
Exploited in Wild: -
Descriptions
Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.
The Confluence drafts diff REST resource made the current content of all blogs and pages in Confluence available without authentication. Attackers who can access the Confluence web interface of a vulnerable version can use this vulnerability to obtain the content of all blogs and pages inside Confluence. All versions of Confluence starting with version 6.0.0 but less than 6.0.7 (the fixed version for 6.0.x) are affected by this vulnerability.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2017-04-04 CVE Reserved
- 2017-04-26 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/97961 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://packetstormsecurity.com/files/142330/Confluence-6.0.x-Information-Disclosure.html | 2024-08-05 |
URL | Date | SRC |
---|---|---|
https://jira.atlassian.com/browse/CONFSERVER-52222 | 2021-12-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Atlassian | Confluence Server | 6.0.0 | - | Affected |
Atlassian | Confluence Server | 6.0.1 | - | Affected |
Atlassian | Confluence Server | 6.0.2 | - | Affected |
Atlassian | Confluence Server | 6.0.3 | - | Affected |
Atlassian | Confluence Server | 6.0.4 | - | Affected |
Atlassian | Confluence Server | 6.0.5 | - | Affected |
Atlassian | Confluence Server | 6.0.6 | - | Affected |