• Type: Bug
• Resolution: Fixed
• Priority: Medium
• Fix Version/s: 6.0.3
• Affects Version/s: 5.10.8, 1000.439.0
• Component/s: Macros - Gadgets
• Labels:

  • affects-cloud
  • affects-server
  • bugbounty
  • cvss-medium
  • security
  • ssrf

[CONFSERVER-45392] Update atlassian-gadgets in Confluence to fix AG-1502/ACG-5

Collapse comment: Jade Giacoppo (Inactive) added a comment - 19/Dec/2016 5:31 AM

Jade Giacoppo (Inactive) added a comment - 19/Dec/2016 5:31 AM

A fix for this issue is now available for Confluence Server customers.
Upgrade now or check out the Release Notes to see what other issues are resolved.

Expand comment: Jade Giacoppo (Inactive) added a comment - 19/Dec/2016 5:31 AM

Jade Giacoppo (Inactive) added a comment - 19/Dec/2016 5:31 AM A fix for this issue is now available for Confluence Server customers. Upgrade now or check out the Release Notes to see what other issues are resolved.

Collapse comment: David Black added a comment - 28/Nov/2016 4:14 AM

David Black added a comment - 28/Nov/2016 4:14 AM

CVSS v3 score: 5.8 => Medium severity

Exploitability Metrics

Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User Interaction	None

Scope Metric

Scope	Changed

Impact Metrics

Confidentiality	Low
Integrity	None
Availability	None

See http://go.atlassian.com/cvss for more details.

Expand comment: David Black added a comment - 28/Nov/2016 4:14 AM

David Black added a comment - 28/Nov/2016 4:14 AM CVSS v3 score: 5.8 => Medium severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required None User Interaction None Scope Metric Scope Changed Impact Metrics Confidentiality Low Integrity None Availability None See http://go.atlassian.com/cvss for more details.