Vulnerability Description
Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Activity Streams | < 6.3.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102869Third Party AdvisoryVDB Entry
- https://ecosystem.atlassian.net/browse/STRM-2350Vendor Advisory
- http://www.securityfocus.com/bid/102869Third Party AdvisoryVDB Entry
- https://ecosystem.atlassian.net/browse/STRM-2350Vendor Advisory
FAQ
What is CVE-2017-9513?
CVE-2017-9513 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are add...
How severe is CVE-2017-9513?
CVE-2017-9513 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-9513?
Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Activity Streams.