The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 prior to 7.4.6, and from 7.5.0 prior to 7.8.3 allowed unauthenticated remote malicious users to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
atlassian confluence server |
||
atlassian confluence data center |