CVE-2017-7415

EUVD-2017-16439
Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
atlassianconfluence_server
6.0.0
atlassianconfluence_server
6.0.1
atlassianconfluence_server
6.0.2
atlassianconfluence_server
6.0.3
atlassianconfluence_server
6.0.4
atlassianconfluence_server
6.0.5
atlassianconfluence_server
6.0.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/97961
https://jira.atlassian.com/browse/CONFSERVER-52222
https://packetstormsecurity.com/files/142330/Confluence-6.0.x-Information-Disclosure.html
http://www.securityfocus.com/bid/97961
https://jira.atlassian.com/browse/CONFSERVER-52222
https://packetstormsecurity.com/files/142330/Confluence-6.0.x-Information-Disclosure.html