-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Medium
-
Affects Version/s: No-Version
-
Component/s: Apps - Confluence Questions
-
Severity 3 - Minor
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to make a user modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability.