Atlassian Confluence CVE-2018-13393 Cross-Site Request Forgery Vulnerability
| Bugtraq ID: | 105155 |
| Class: | Input Validation Error |
| CVE: | CVE-2018-13393 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 15 2018 12:00AM |
| Updated: | Aug 15 2018 12:00AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: | Atlassian Confluence 6.6.1, 6.5.2, 6.5, 6.4.2, 6.4.1, 6.3.4, 6.3.3, 6.2.1, 6.1.2, 6.1.1, 6.1, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0, 2.0.2, 2.0.1, 6.8.0, 6.7.2, 6.7.1, 6.7.0, 6.5.1, 2.6.5, 2.6.4, 2.6.3, 2.6.2, 2.6.1, 2.6 |
| Not Vulnerable: | Atlassian Confluence 6.9.0, 2.6.6 |
Discussion
Atlassian Confluence is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
This issue is fixed in the following versions:
Atlassian Confluence 2.6.6 and 6.9.0
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- Atlassian Homepage (Atlassian)
- The convertCommentToAnswer resource of Confluence Questions was vulnerable to CS (Atlassian)