漏洞描述
【漏洞对象】Atlassian Confluence 【涉及版本】<5.8.17 【漏洞描述】该漏洞源于spaces/viewdefaultdecorator.action和admin/viewdefaultdecorator.action文件没有充分过滤’decoratorName’参数,导致远程攻击者可利用该漏洞读取配置文件。
Confluence viewdefaultdecorator.action-任意文件读取(CVE-2015-8399)
PoC代码
暂无相关漏洞推荐
- CVE-2019-3396: Atlassian Confluence Path Traversal
- Atlassian Confluence /json/setup-restore.action 文件上传漏洞(CVE-2023-22518)
- POC CVE-2015-8399: Atlassian Confluence <5.8.17 - Information Disclosure
- POC CVE-2018-5230: Atlassian Jira Confluence - Cross-Site Scripting
- POC CVE-2019-3396: Atlassian Confluence Server - Path Traversal
- POC CVE-2019-3398: Atlassian Confluence Download Attachments - Remote Code Execution
- POC CVE-2021-26084: Confluence Server - Remote Code Execution
- POC CVE-2021-26085: Atlassian Confluence Server - Local File Inclusion
- POC CVE-2022-26134: Confluence - Remote Code Execution
- POC CVE-2022-26138: Atlassian Questions For Confluence - Hardcoded Credentials
- POC CVE-2023-22515: Atlassian Confluence - Privilege Escalation
- POC CVE-2023-22518: Atlassian Confluence Server - Improper Authorization
- POC CVE-2023-22527: Atlassian Confluence - Remote Code Execution