CVE-2017-9513

Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
atlassianCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
atlassianactivity_streams
𝑥
< 6.3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102869
https://ecosystem.atlassian.net/browse/STRM-2350
http://www.securityfocus.com/bid/102869
https://ecosystem.atlassian.net/browse/STRM-2350