{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-13T06:12:25.904","vulnerabilities":[{"cve":{"id":"CVE-2017-9505","sourceIdentifier":"security@atlassian.com","published":"2017-06-15T16:29:00.233","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it even if they do not have permission to view the page itself."},{"lang":"es","value":"Atlassian Confluence desde la versión 4.3.0 hasta la 6.2.1 no comprobaba si un usuario tenía permiso para visualizar una página mientras se creaba una notificación workbox sobre nuevos comentarios. Un atacante que pueda iniciar sesión en Confluence podría recibir notificaciones workbox, que contienen los comentarios, para los comentarios añadidos a una página una vez que han empezado a verla aunque no tengan permiso para visualizar la propia página."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-276"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"6.2.1","matchCriteriaId":"9806EAE9-4652-46DF-866A-B580435705E4"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/99086","source":"security@atlassian.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://jira.atlassian.com/browse/CONFSERVER-52560","source":"security@atlassian.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170613-0_Atlassian_Confluence_Access_Restriction_Bypass_v10.txt","source":"security@atlassian.com","tags":["Exploit","Mitigation","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/99086","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://jira.atlassian.com/browse/CONFSERVER-52560","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170613-0_Atlassian_Confluence_Access_Restriction_Bypass_v10.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mitigation","Third Party Advisory"]}]}}]}