Atlassian Confluence Questions CVE-2018-13394 Cross-Site Request Forgery Vulnerability
BID:105284
CVE-2018-13394 |Info
Atlassian Confluence Questions CVE-2018-13394 Cross-Site Request Forgery Vulnerability
| Bugtraq ID: | 105284 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-13394 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 15 2018 12:00AM |
| Updated: | Aug 15 2018 12:00AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
Atlassian Confluence 6.6.1 Atlassian Confluence 6.5.2 Atlassian Confluence 6.5 Atlassian Confluence 6.4.2 Atlassian Confluence 6.4.1 Atlassian Confluence 6.3.4 Atlassian Confluence 6.3.3 Atlassian Confluence 6.2.1 Atlassian Confluence 6.1.2 Atlassian Confluence 6.1.1 Atlassian Confluence 6.1 Atlassian Confluence 6.0.7 Atlassian Confluence 6.0.6 Atlassian Confluence 6.0.5 Atlassian Confluence 6.0.4 Atlassian Confluence 6.0.3 Atlassian Confluence 6.0.2 Atlassian Confluence 6.0.1 Atlassian Confluence 6.0 Atlassian Confluence 2.0.2 Atlassian Confluence 2.0.1 Atlassian Confluence 6.8.0 Atlassian Confluence 6.7.2 Atlassian Confluence 6.7.1 Atlassian Confluence 6.7.0 Atlassian Confluence 6.5.1 Atlassian Confluence 2.6.5 Atlassian Confluence 2.6.4 Atlassian Confluence 2.6.3 Atlassian Confluence 2.6.2 Atlassian Confluence 2.6.1 Atlassian Confluence 2.6 |
| Not Vulnerable: |
Atlassian Confluence 6.9.0 Atlassian Confluence 2.6.6 |
Discussion
Atlassian Confluence Questions CVE-2018-13394 Cross-Site Request Forgery Vulnerability
Atlassian Confluence is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
This issue is fixed in the following versions:
Atlassian Confluence 2.6.6 and 6.9.0
Atlassian Confluence is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
This issue is fixed in the following versions:
Atlassian Confluence 2.6.6 and 6.9.0
Exploit / POC
Atlassian Confluence Questions CVE-2018-13394 Cross-Site Request Forgery Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Atlassian Confluence Questions CVE-2018-13394 Cross-Site Request Forgery Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.