CVE-2017-9513
N/A
N/A
Summary
Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Atlassian | Activity Streams | All versions prior to version 6.3.0 | affected |
Weaknesses
- CWE-284: Improper Access Control (CWE-284)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.