N/A

There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under <install-directory>/confluence/WEB-INF directory, which may contain configuration files used for integrating with other services, which could potentially leak credentials or other sensitive information such as LDAP credentials. The LDAP credential will be potentially leaked only if the Confluence server is configured to use LDAP as user repository. All versions of Confluence Server from 6.1.0 before 6.6.16 (the fixed version for 6.6.x), from 6.7.0 before 6.13.7 (the fixed version for 6.13.x), and from 6.14.0 before 6.15.8 (the fixed version for 6.15.x) are affected by this vulnerability.

N/A

N/A

Atlassian Confluence Server和Confluence Data Center 信任管理问题漏洞

Atlassian Confluence Server是澳大利亚Atlassian公司的一套专业的企业知识管理与协同软件，也可以用于构建企业WiKi。Confluence Data Center是Confluence Center的数据中心版本。 Atlassian Confluence Server和Confluence Data Center中存在安全漏洞。攻击者可利用该漏洞读取<install-directory>/confluence/WEB-INF目录下服务器上的任意文件，可能包括：配置文件，凭

N/A

N/A