PT-2018-11796 · Atlassian · Confluence+1
Publicado
2018-08-15
·
Atualizado
2018-10-12
·
CVE-2018-13394
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Atlassian Confluence Questions versions prior to 2.6.6
Confluence versions prior to 6.9.0
Description
The issue allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability, specifically affecting the acceptAnswer resource in Atlassian Confluence Questions.
Recommendations
For Atlassian Confluence Questions versions prior to 2.6.6, update to version 2.6.6 or later.
For Confluence versions prior to 6.9.0, update to version 6.9.0 or later.
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Confluence Questions
Confluence