CVE-2018-13393

The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability.
References
Link Resource
http://www.securityfocus.com/bid/105155 Third Party Advisory VDB Entry
https://jira.atlassian.com/browse/CONFSERVER-56282 Issue Tracking Vendor Advisory
http://www.securityfocus.com/bid/105155 Third Party Advisory VDB Entry
https://jira.atlassian.com/browse/CONFSERVER-56282 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:atlassian:questions_for_confluence:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:47

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/105155 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/105155 - Third Party Advisory, VDB Entry
References () https://jira.atlassian.com/browse/CONFSERVER-56282 - Issue Tracking, Vendor Advisory () https://jira.atlassian.com/browse/CONFSERVER-56282 - Issue Tracking, Vendor Advisory

Information

Published : 2018-08-15 12:29

Updated : 2024-11-21 03:47


NVD link : CVE-2018-13393

Mitre link : CVE-2018-13393

CVE.ORG link : CVE-2018-13393


JSON object : View

Products Affected

atlassian

  • questions_for_confluence
CWE
CWE-352

Cross-Site Request Forgery (CSRF)