PT-2019-10030 · Atlassian · Confluence

Jean-Marie Bourbon

·

Published

2019-02-13

·

Updated

2022-07-27

·

CVE-2018-20237

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Atlassian Confluence Server and Data Center versions prior to 6.13.1
Description: The issue allows an authenticated user to download a deleted page via the word export feature.
Recommendations: For versions prior to 6.13.1, update to version 6.13.1 or later to resolve the issue.

Fix

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-668

Related Identifiers

CVE-2018-20237

Affected Products

Confluence