vulnerability

Atlassian Confluence: Information Exposure (CVE-2022-42977)

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
Nov 15, 2022
Added
Dec 7, 2022
Modified
Jan 28, 2025

Description

The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be downloaded.

Solution

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.