Description
Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
Remediation
Upgrade Atlassian Confluence to version 5.8.17 or later.