
Unauthenticated users can view the content of Confluence blogs and pages (CVE-2017-7415)

      The Confluence drafts diff REST resource returned the current content of any blog post or page in Confluence without authentication when given a page id or draft id. An attacker who can reach the web interface of a vulnerable Confluence instance can use this vulnerability to read the content of every blog post and page in that instance, provided they first enumerate page or draft ids.

      Affected versions:

      • All versions of Confluence from 6.0.0 up to, but not including, 6.0.7 are affected by this vulnerability.

      Fix:

       

      Risk Mitigation:

      If you are unable to upgrade right now, this issue can be mitigated in vulnerable versions of Confluence by disabling Collaborative editing as per the following instructions.

      1. Go to the Confluence administration menu (cog icon) > General Configuration > Collaborative editing.
      2. Change the collaborative editing mode to Off. Be aware that shared drafts will be lost when you switch to this mode, so make sure your users have published any work they want to keep before you make the change.
      3. Refresh the page and check that the Collaborative editing mode has changed to "OFF".

       
      Acknowledgements
      We would like to credit Yuvanesh for reporting this issue to us.

       

      For additional details see the full advisory.


            David Black added a comment -

            anton.litovtsenko, this issue is not related to that resource. It is related to a resource under

            /rest/tinymce/

            You may be able to detect unauthenticated users attempting to exploit this issue by looking for a large number of access requests to a URL under /rest/tinymce/ with different numbers in the URL access path.
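One way to act on the detection hint in the comment above, as an added example that is not part of this issue or of Atlassian's code: a small scanner that groups requests under /rest/tinymce/ by client IP and reports sources that touched many distinct numeric ids. It assumes Combined Log Format access-log lines (the actual Confluence/Tomcat access-log pattern may differ, so LOG_RE may need adjusting), treats a "-" in the authuser field as an unauthenticated request, and uses a placeholder sub-path between /rest/tinymce/ and the id in its constructed sample lines; only the /rest/tinymce/ prefix and the numeric id are taken from the comment.

```python
"""
Flag possible id enumeration against the /rest/tinymce/ resource in a web access log.
Added example, not Atlassian's code. Assumptions (not from the issue): Combined Log
Format lines, a "-" in the authuser field meaning an unauthenticated request, and a
placeholder sub-path between /rest/tinymce/ and the numeric id in the sample lines.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
ID_RE = re.compile(r"/(\d+)/?$")  # numeric final path segment = candidate page/draft id


def parse_line(line):
    """Parse one access-log line into a dict; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def tinymce_id(path):
    """Return the numeric id ending a request path under /rest/tinymce/, else None."""
    path = path.split("?", 1)[0]
    if not path.startswith("/rest/tinymce/"):
        return None
    m = ID_RE.search(path)
    return int(m.group(1)) if m else None


def scan(lines, min_distinct_ids=20):
    """Group /rest/tinymce/ requests by client IP and report sources that touched
    at least min_distinct_ids distinct ids (many different numbers in the path)."""
    per_ip = defaultdict(list)  # ip -> [(timestamp, id, user, status), ...]
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        pid = tinymce_id(rec["path"])
        if pid is None:
            continue
        per_ip[rec["ip"]].append((rec["ts"], pid, rec["user"], rec["status"]))

    findings = []
    for ip, events in per_ip.items():
        ids = sorted({e[1] for e in events})
        if len(ids) < min_distinct_ids:
            continue
        # Consecutive ids are the signature of a crude sweep rather than editor use.
        sequential = sum(1 for a, b in zip(ids, ids[1:]) if b - a == 1)
        timestamps = [e[0] for e in events]
        findings.append({
            "ip": ip,
            "requests": len(events),
            "distinct_ids": len(ids),
            "sequential_fraction": round(sequential / (len(ids) - 1), 2),
            "unauthenticated": all(e[2] == "-" for e in events),
            "served_200": sum(1 for e in events if e[3] == 200),
            "span_seconds": int((max(timestamps) - min(timestamps)).total_seconds()),
        })
    return findings


def log_line(ip, user, ts, path, status):
    """Render one constructed Combined Log Format line."""
    return f'{ip} - {user} [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" {status} 512'


def build_sample_log():
    """Constructed sample log: one real editor user, one unauthenticated id sweep, noise."""
    t0 = datetime(2017, 8, 22, 10, 0, 0, tzinfo=timezone.utc)
    sub = "/rest/tinymce/1/drafts/diff/"  # placeholder path; only the prefix and id matter
    lines = [
        # Logged-in user opening the editor on two of their own pages.
        log_line("198.51.100.4", "alice", t0, sub + "12345", 200),
        log_line("198.51.100.4", "alice", t0 + timedelta(seconds=40), sub + "12345", 200),
        log_line("198.51.100.4", "alice", t0 + timedelta(minutes=3), sub + "67890", 200),
        # Unrelated traffic from the suspicious host: must not count as tinymce hits.
        log_line("203.0.113.7", "-", t0 + timedelta(minutes=5), "/login.action", 200),
        log_line("203.0.113.7", "-", t0 + timedelta(minutes=5, seconds=1),
                 "/rest/api/content/98304", 401),
    ]
    # Twenty-five sequential ids, one per second, with no authenticated user.
    for i in range(25):
        lines.append(log_line("203.0.113.7", "-", t0 + timedelta(minutes=6, seconds=i),
                              f"{sub}{98304 + i}", 200))
    return lines


if __name__ == "__main__":
    for finding in scan(build_sample_log()):
        print(finding)
```

Legitimate collaborative-editing traffic also goes to /rest/tinymce/, so the presence of such requests is not the signal; the signal is one source touching many distinct, often consecutive, ids in a short span with no authenticated user. Tune min_distinct_ids to the size of the instance and treat the authuser convention as something to confirm against your own log format before relying on the "unauthenticated" field.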

            PA3MEP added a comment -

            I do hope that it will be logged to some sort of Confluence access.log, but it would be lovely to get some official info on this topic from Atlassian.

            Ryan Puzzello added a comment -

            I second Anton, is there a script or tool we can run/utilize that would identify any breaches?

            PA3MEP added a comment -

            Hi.

            I would like to ask how we can verify whether our Confluence was attacked using this CVE or not.

            Is this issue related to the
            /rest/api/content
            REST API call?

            James Lawton added a comment -

            Are 6.0 OD releases affected by this?

            Please advise,

            David Black added a comment -

            CVSS v3 score: 7.5 => High severity

            Exploitability Metrics

            Attack Vector: Network
            Attack Complexity: Low
            Privileges Required: None
            User Interaction: None

            Scope Metric

            Scope: Unchanged

            Impact Metrics

            Confidentiality: High
            Integrity: None
            Availability: None

            See http://go.atlassian.com/cvss for more details.

              Assignee: Unassigned
              Reporter: David Black (dblack)