vulnerability
Atlassian Confluence: Information Exposure (CVE-2022-42977)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Nov 15, 2022 | Dec 7, 2022 | Jan 28, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
Nov 15, 2022
Added
Dec 7, 2022
Modified
Jan 28, 2025
Description
The Netic User Export add-on before 1.3.5 for Atlassian Confluence has the functionality to generate a list of users in the application, and export it. During export, the HTTP request has a fileName parameter that accepts any file on the system (e.g., an SSH private key) to be downloaded.
Solution

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.