CVE-2018-20237

Published: Feb 13, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.

Affected (4)

Products: Atlassian: Confluence Data Center, Confluence Server

2 products

Confluence Data Center

Confluence Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Atlassian Confluence Data Center	Before 6.13.1
Atlassian Confluence Data Center	From 6.13.2 to 6.14.0
Atlassian Confluence Server	Before 6.13.1
Atlassian Confluence Server	From 6.13.2 to 6.14.0

Related CWEs

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (6)

http://www.securityfocus.com/bid/107041

Source: security@atlassian.com

Third Party AdvisoryVDB Entry

https://jira.atlassian.com/browse/CONFSERVER-57814

Source: security@atlassian.com

Issue TrackingVendor Advisory

https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20237/

Source: security@atlassian.com

Third Party Advisory

http://www.securityfocus.com/bid/107041

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://jira.atlassian.com/browse/CONFSERVER-57814

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20237/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.