Atlassian · Confluence · CVE-2017-9505
**Name of the Vulnerable Software and Affected Versions**
Atlassian Confluence versions 4.3.0 through 6.2.1
**Description**
The issue allows an attacker who can log in to Confluence to receive workbox notifications containing the content of comments for pages they do not have permission to view, as long as they started watching the page before the comments were added.
**Recommendations**
For versions 4.3.0 through 6.2.1, update to version 6.2.1 or later to resolve the issue.