CVE-2017-9513
First published: Mon Jan 29 2018(Updated: )
Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Activity Streams | <6.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-9513?
The severity of CVE-2017-9513 is medium, with a score of 5.4.
How do I fix CVE-2017-9513?
To fix CVE-2017-9513, upgrade Atlassian Activity Streams to version 6.3.0 or later.
Who is affected by CVE-2017-9513?
CVE-2017-9513 affects all versions of Atlassian Activity Streams prior to 6.3.0.
What types of attacks are possible due to CVE-2017-9513?
CVE-2017-9513 allows remote authenticated attackers to access notifications and watch Confluence pages and JIRA issues they do not have permission to view.
What is the nature of the vulnerability in CVE-2017-9513?
CVE-2017-9513 is a vulnerability that allows unauthorized access to Confluence page notifications and JIRA issue watching.
- collector/nvd-index
- agent/type
- agent/weakness
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/atlassian
- canonical/atlassian activity streams