{"containers":{"cna":{"affected":[{"product":"Confluence Server","vendor":"Atlassian","versions":[{"status":"affected","version":"Versions of Confluence starting with 4.3.0 before 6.2.1 are affected by this vulnerability."}]}],"datePublic":"2017-06-13T00:00:00.000Z","descriptions":[{"lang":"en","value":"Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it even if they do not have permission to view the page itself."}],"problemTypes":[{"descriptions":[{"description":"Access Restriction Bypass","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-06-19T09:57:01.000Z","orgId":"f08a6ab8-ed46-4c22-8884-d911ccfe3c66","shortName":"atlassian"},"references":[{"name":"99086","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/99086"},{"tags":["x_refsource_CONFIRM"],"url":"https://jira.atlassian.com/browse/CONFSERVER-52560"},{"tags":["x_refsource_MISC"],"url":"https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170613-0_Atlassian_Confluence_Access_Restriction_Bypass_v10.txt"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@atlassian.com","ID":"CVE-2017-9505","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Confluence Server","version":{"version_data":[{"version_value":"Versions of Confluence starting with 4.3.0 before 6.2.1 are affected by this vulnerability."}]}}]},"vendor_name":"Atlassian"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it even if they do not have permission to view the page itself."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Access Restriction Bypass"}]}]},"references":{"reference_data":[{"name":"99086","refsource":"BID","url":"http://www.securityfocus.com/bid/99086"},{"name":"https://jira.atlassian.com/browse/CONFSERVER-52560","refsource":"CONFIRM","url":"https://jira.atlassian.com/browse/CONFSERVER-52560"},{"name":"https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170613-0_Atlassian_Confluence_Access_Restriction_Bypass_v10.txt","refsource":"MISC","url":"https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170613-0_Atlassian_Confluence_Access_Restriction_Bypass_v10.txt"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T17:11:01.774Z"},"title":"CVE Program Container","references":[{"name":"99086","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/99086"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://jira.atlassian.com/browse/CONFSERVER-52560"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170613-0_Atlassian_Confluence_Access_Restriction_Bypass_v10.txt"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-16T13:49:31.045428Z","id":"CVE-2017-9505","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-16T13:50:42.415Z"}}]},"cveMetadata":{"assignerOrgId":"f08a6ab8-ed46-4c22-8884-d911ccfe3c66","assignerShortName":"atlassian","cveId":"CVE-2017-9505","datePublished":"2017-06-15T16:00:00.000Z","dateReserved":"2017-06-07T00:00:00.000Z","dateUpdated":"2024-10-16T13:50:42.415Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}