QID 730338
Date Published: 2022-02-02
QID 730338: Atlassian Confluence Server Code Injection Vulnerability (CONFSERVER-74534)
Confluence is team collaboration software written in Java.
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint.
Affected Versions:
Atlassian Confluence Server versions prior to 7.4.13
Atlassian Confluence Server versions 7.5.0 through 7.12.5 (inclusive)
Atlassian Confluence Server versions prior to 7.13.2
Atlassian Confluence Server version 7.14.0
QID Detection Logic:
This unauthenticated QID detects vulnerable Atlassian Confluence versions by making a GET request to the login.action page and parsing the version string exposed in the ajs-version-number meta tag or the footer-build-information HTML element.
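The detection logic above, written out as an added example (this is not Qualys' or Atlassian's code). It extracts the version from the two places the QID names, then applies the affected ranges listed on this page. The sample pages are constructed fragments, the exact markup around the meta tag and footer element is an assumption, and reading "prior to 7.13.2" as the 7.13 branch (because the 7.4 branch has its own fix at 7.4.13) is an interpretation rather than something the QID states.

```python
import re
import urllib.request
from typing import Optional, Tuple

# Constructed login.action fragments (not real captures). The surrounding
# markup is an assumption for the example; the attribute name and element id
# are the ones the QID says it parses.
SAMPLE_WITH_META = """<html><head>
<meta name="ajs-version-number" content="7.13.1">
</head><body>
<p id="footer-build-information">Atlassian Confluence 7.13.1</p>
</body></html>"""

SAMPLE_FOOTER_ONLY = """<html><body>
<li id="footer-build-information">Atlassian Confluence <span>7.4.12</span></li>
</body></html>"""

META_RE = re.compile(
    r'<meta\s+name=["\']ajs-version-number["\']\s+content=["\']([\d.]+)["\']', re.I)
FOOTER_RE = re.compile(
    r'id=["\']footer-build-information["\'][^>]*>(.*?)</(?:li|span|p|div)>', re.I | re.S)
VERSION_RE = re.compile(r'\b\d+\.\d+(?:\.\d+)*\b')


def extract_version(html: str) -> Optional[str]:
    """Return the Confluence version string exposed in the page, or None."""
    m = META_RE.search(html)
    if m:
        return m.group(1)
    f = FOOTER_RE.search(html)
    if f:
        v = VERSION_RE.search(f.group(1))
        if v:
            return v.group(0)
    return None


def parse_version(version: str) -> Tuple[int, ...]:
    """'7.13.1' -> (7, 13, 1); tuples compare component-wise."""
    return tuple(int(part) for part in version.split("."))


def is_affected(version: str) -> bool:
    """Apply the affected ranges listed in the QID.

    'prior to 7.13.2' is read as the 7.13 branch, since the 7.4 branch has
    its own fix at 7.4.13 (interpretation, not stated by the QID).
    """
    v = parse_version(version)
    if v < (7, 4, 13):
        return True
    if (7, 5, 0) <= v <= (7, 12, 5):
        return True
    if (7, 13, 0) <= v < (7, 13, 2):
        return True
    if v == (7, 14, 0):
        return True
    return False


def assess(html: str) -> dict:
    """Combine version extraction and the range check into one record."""
    version = extract_version(html)
    return {
        "version": version,
        "affected": is_affected(version) if version else None,
    }


def fetch_login_page(base_url: str, timeout: float = 10.0) -> str:
    """Unauthenticated GET of /login.action (needs network; not used below)."""
    url = base_url.rstrip("/") + "/login.action"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


if __name__ == "__main__":
    for sample in (SAMPLE_WITH_META, SAMPLE_FOOTER_ONLY):
        print(assess(sample))
```

Against a live host, pass `fetch_login_page("https://confluence.example")` to `assess`. A banner-based check like this only reports what the page advertises; an instance whose footer has been customised, or that sits behind a proxy that strips the meta tag, returns `None` and needs a different confirmation.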
Unicode bidirectional override characters can be used to hide malicious code from human reviewers: they change the order in which source text is displayed without changing the order in which a compiler or interpreter reads it.
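As an added illustration of the hiding technique (not part of the QID, and not Atlassian's code), the constructed snippet below follows the "commenting-out" pattern from the Trojan Source research: control characters make a string literal render as if it closed before a comment, while the interpreter compares against the full literal. A small scanner then locates the control characters, which is the check a reviewer or pre-commit hook would run.

```python
# Bidi control characters that the Trojan Source technique abuses.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}

# Constructed snippet (not from the QID). In a bidi-aware editor the third
# line renders roughly as:  if access != 'user':  # Check if admin
# so a reviewer reads a comparison against 'user'. The interpreter compares
# against a longer literal that still contains the '#' and the control
# characters, so the condition is always true.
TROJANED = (
    'access = "user"\n'
    'is_admin = False\n'
    "if access != 'user\u202e \u2066# Check if admin\u2069 \u2066':\n"
    '    is_admin = True\n'
)

# What the reviewer believes they are approving.
AS_DISPLAYED = (
    'access = "user"\n'
    'is_admin = False\n'
    "if access != 'user':  # Check if admin\n"
    '    is_admin = True\n'
)


def find_bidi_controls(source):
    """Return (line, column, name) for every bidi control character in source."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                hits.append((lineno, col, BIDI_CONTROLS[ch]))
    return hits


def run_snippet(source):
    """Execute a snippet in a fresh namespace and report whether it granted admin."""
    namespace = {}
    exec(compile(source, "<snippet>", "exec"), namespace)
    return namespace["is_admin"]


if __name__ == "__main__":
    print("displayed version grants admin:", run_snippet(AS_DISPLAYED))
    print("trojaned version grants admin:", run_snippet(TROJANED))
    for lineno, col, name in find_bidi_controls(TROJANED):
        print(f"line {lineno} col {col}: {name}")
```

The scanner flags every control character rather than only the override pair, because legitimate source rarely needs any of them outside string data for right-to-left text; a hit in code or comments is worth a manual look regardless of the exact sequence used.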
- CONFSERVER-74534 - jira.atlassian.com/browse/CONFSERVER-74534
CVEs related to QID 730338
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| CONFSERVER-74534 | Atlassian Confluence Server | | jira.atlassian.com/browse/CONFSERVER-74534 |