CVE-2018-13393

6.5MEDIUM

Key Information:

Vendor: Atlassian
Status: Confluence Questions
Vendor: CVE Published:; 15 August 2018

Summary

The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability.

Affected Version(s)

Confluence Questions < 2.6.6

References

http://www.securityfocus.com/bid/105155

vdb-entryx_refsource_BID

https://jira.atlassian.com/browse/CONFSERVER-56282

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 15, 2018
Vulnerability Reserved
Jul 6, 2018