Vulnerability
Description
Atlassian Confluence is a team workspace where knowledge and Collaboration meet. It gives your team a place to create, capture, and collaborate on any idea or project.
Atlassian Confluence until versions 5.8.17 is vulnerable to Insecure Direct Object. It allows authenticated users to read configuration files remotely via the decoratorName parameter to spaces/viewdefaultdecorator.action or admin/viewdefaultdecorator.action
Recommendation
Don’t run Atlassian run Confluence as root/Administrator
Block all URLs that match the pattern using proxy
Update Atlassian Confluence the latest version
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
