
Robert Gilbert

#19474 of 53,634
13.6 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2014-2382
6.8
2014-05-13
Atlassian · Confluence · CVE-2012-6342
**Name of the Vulnerable Software and Affected Versions**
Atlassian Confluence version 3.4.6

**Description**
A cross-site request forgery (CSRF) issue exists in the logout.action of Atlassian Confluence, allowing remote attackers to hijack the authentication of administrators for requests that log out the user via a comment.

**Recommendations**
For Atlassian Confluence version 3.4.6, consider restricting access to the logout.action until a patch is available. As a temporary workaround, avoid using the logout functionality via comments to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2014-2387
6.8
2014-02-04
Rapid7 · Rapid7 Nexpose Security Console · CVE-2012-6493
**Name of the Vulnerable Software and Affected Versions**
Rapid7 Nexpose Security Console versions prior to 5.5.4

**Description**
A cross-site request forgery issue allows remote attackers to hijack the authentication of victims for requests that delete scan data and sites via a request to "data/site/delete".

**Recommendations**
For versions prior to 5.5.4, update to version 5.5.4 or later to resolve the issue.