Atlassian Confluence is prone to an information-disclosure vulnerability.
Successful exploitation of this issue leads to disclosure of sensitive information, which may aid in launching further attacks.
Atlassian Confluence versions from 6.0.0 and prior to 6.0.7 are vulnerable.
Information
Atlassian Confluence 6.0.5
Atlassian Confluence 6.0.4
Atlassian Confluence 6.0.3
Atlassian Confluence 6.0.2
Atlassian Confluence 6.0.1
Atlassian Confluence 6.0
Atlassian Confluence 6.1.1
Atlassian Confluence 6.1
Atlassian Confluence 6.0.7
Exploit
Currently, we are not aware of any working exploits.
References:
- Atlassian Homepage (Atlassian)
- Unauthenticated users can view the content of Confluence blogs and pages (CVE-20 (Atlassian)
- Confluence Security Advisory - 2017-04-19 (Atlassian)