CVE-2017-9513

Summary

Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks.

Affected Software

VendorProductVersion RangeStatus
AtlassianActivity StreamsAll versions prior to version 6.3.0affected

Weaknesses

  • CWE-284: Improper Access Control (CWE-284)

ADP Enrichment

CVE Program Container

Additional References

References