[CONFSERVER-57814] Download a deleted page via word export - CVE-2018-20237 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 6.14.0, 6.13.1
Affects Version/s: 6.12.0
Component/s: Page - Export / Import
Labels:
- advisory
- advisory-released
- bugbounty
- cve-2018-20237
- cvss-low
- idor
- scale-team
- security

Fixed in Long Term Support Release/s:

Download 6.13
Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

Atlassian Confluence Server from version 6.12.0 (or earlier), and before version 6.13.1, or before version 6.14.0 allows an authenticated user to download a deleted page via the word export feature.

set-jac-bot made changes - 22/May/2020 8:22 AM

Fixed in Enterprise Release/s

New: [Download 6.13|https://confluence.atlassian.com/enterprise/atlassian-enterprise-releases-948227420.html]

Usman Khalid (Inactive) made changes - 04/Mar/2019 12:59 AM

Labels

Original: advisory advisory-released bugbounty cve-2018-20237 cvss-low enterprise-backlog idor scale-team security

New: advisory advisory-released bugbounty cve-2018-20237 cvss-low idor scale-team security

Usman Khalid (Inactive) made changes - 04/Mar/2019 12:58 AM

Labels

Original: advisory advisory-released bugbounty cve-2018-20237 cvss-low enterprise-backlog idor security

New: advisory advisory-released bugbounty cve-2018-20237 cvss-low enterprise-backlog idor scale-team security

David Black made changes - 26/Feb/2019 12:59 AM

Summary

Original: Download a deleted page via word export

New: Download a deleted page via word export - CVE-2018-20237

Matt Hart (Inactive) made changes - 07/Feb/2019 3:25 AM

Labels

Original: advisory advisory-to-release bugbounty cve-2018-20237 cvss-low enterprise-backlog idor security

New: advisory advisory-released bugbounty cve-2018-20237 cvss-low enterprise-backlog idor security

Matt Hart (Inactive) made changes - 07/Feb/2019 3:24 AM

Security

Original: Reporter and Atlassian Staff [ 10751 ]

g made changes - 29/Jan/2019 10:04 AM

Security

Original: Atlassian Staff [ 10750 ]

New: Reporter and Atlassian Staff [ 10751 ]

g made changes - 29/Jan/2019 9:59 AM

Reporter

Original: Security Metrics Bot [ security-metrics-bot ]

New: CERT-XLM [ 2ab2b2ee052a ]

Matt Hart (Inactive) made changes - 29/Jan/2019 1:47 AM

Labels

Original: advisory advisory-to-release bugbounty cvss-low enterprise-backlog idor security

New: advisory advisory-to-release bugbounty cve-2018-20237 cvss-low enterprise-backlog idor security

Matt Hart (Inactive) made changes - 29/Jan/2019 1:44 AM

Description

Original: Component in Atlassian Confluence Server from version 6.12.0 before version 6.13.1 and before version 6.14.0 allows an authenticated user to download a deleted page via the word export feature.

New: Atlassian Confluence Server from version 6.12.0 (or earlier), and before version 6.13.1, or before version 6.14.0 allows an authenticated user to download a deleted page via the word export feature.

Assignee:: Matt Hart (Inactive)

Reporter:: CERT-XLM

Affected customers:: 0 This affects my team

Watchers:: 3 Start watching this issue

Created:: 29/Jan/2019 1:26 AM

Updated:: 22/May/2020 8:22 AM

Resolved:: 29/Jan/2019 1:27 AM

Details

Description

Attachments

Forms

Activity

[CONFSERVER-57814] Download a deleted page via word export - CVE-2018-20237

People

Dates