
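2 vulnerability records found for Activity Streams by Atlassian. Both records describe the same vulnerability, CVE-2017-9513, once from the nvd source and once from the cvelistv5 source.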

CVE-2017-9513 (GCVE-0-2017-9513)

Vulnerability from nvd – Published: 2018-01-29 19:00 – Updated: 2024-09-17 02:53
Summary
Several REST inline action resources of Atlassian Activity Streams before version 6.3.0 allow remote authenticated attackers to watch any Confluence page and receive notifications when comments are added to the watched page, and to vote on and watch JIRA issues that they do not have access to (although they will not receive notifications for those issues), because of missing permission checks.
Severity
No CVSS data available.
CWE
  • CWE-284 - Improper Access Control (CWE-284)
Assigner
References
Impacted products
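Vendor: Atlassian | Product: Activity Streams | Version: Affected: All versions prior to version 6.3.0
Note: the record below stores the affected range as the free-text string "All versions prior to version 6.3.0" rather than as a structured version bound, so automated version matching against this record may need manual confirmation.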
Date Public
2017-09-07 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:11:01.667Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://ecosystem.atlassian.net/browse/STRM-2350"
          },
          {
            "name": "102869",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102869"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Activity Streams",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to version 6.3.0"
            }
          ]
        }
      ],
      "datePublic": "2017-09-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page \u0026 receive notifications when comments are added to the watched page, and vote \u0026 watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-01T10:57:01.000Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://ecosystem.atlassian.net/browse/STRM-2350"
        },
        {
          "name": "102869",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102869"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2017-09-07T00:00:00",
          "ID": "CVE-2017-9513",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Activity Streams",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions prior to version 6.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page \u0026 receive notifications when comments are added to the watched page, and vote \u0026 watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control (CWE-284)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ecosystem.atlassian.net/browse/STRM-2350",
              "refsource": "CONFIRM",
              "url": "https://ecosystem.atlassian.net/browse/STRM-2350"
            },
            {
              "name": "102869",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102869"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2017-9513",
    "datePublished": "2018-01-29T19:00:00.000Z",
    "dateReserved": "2017-06-07T00:00:00.000Z",
    "dateUpdated": "2024-09-17T02:53:33.339Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-9513 (GCVE-0-2017-9513)

Vulnerability from cvelistv5 – Published: 2018-01-29 19:00 – Updated: 2024-09-17 02:53
Summary
Several REST inline action resources of Atlassian Activity Streams before version 6.3.0 allow remote authenticated attackers to watch any Confluence page and receive notifications when comments are added to the watched page, and to vote on and watch JIRA issues that they do not have access to (although they will not receive notifications for those issues), because of missing permission checks.
Severity
No CVSS data available.
CWE
  • CWE-284 - Improper Access Control (CWE-284)
Assigner
References
Impacted products
Vendor: Atlassian | Product: Activity Streams | Version: Affected: All versions prior to version 6.3.0
Date Public
2017-09-07 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:11:01.667Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://ecosystem.atlassian.net/browse/STRM-2350"
          },
          {
            "name": "102869",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102869"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Activity Streams",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to version 6.3.0"
            }
          ]
        }
      ],
      "datePublic": "2017-09-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page \u0026 receive notifications when comments are added to the watched page, and vote \u0026 watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Control (CWE-284)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-01T10:57:01.000Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://ecosystem.atlassian.net/browse/STRM-2350"
        },
        {
          "name": "102869",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102869"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2017-09-07T00:00:00",
          "ID": "CVE-2017-9513",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Activity Streams",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions prior to version 6.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page \u0026 receive notifications when comments are added to the watched page, and vote \u0026 watch JIRA issues that they do not have access to, although they will not receive notifications for the issue, via missing permission checks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Access Control (CWE-284)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ecosystem.atlassian.net/browse/STRM-2350",
              "refsource": "CONFIRM",
              "url": "https://ecosystem.atlassian.net/browse/STRM-2350"
            },
            {
              "name": "102869",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102869"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2017-9513",
    "datePublished": "2018-01-29T19:00:00.000Z",
    "dateReserved": "2017-06-07T00:00:00.000Z",
    "dateUpdated": "2024-09-17T02:53:33.339Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}