Intrusion Prevention

Confluence.Server.PackageResourceManager.Information.Disclosure

Description

This indicates an attack attempt to exploit an Information Disclosure Vulnerability in Atlassian Confluence Server.
A remote attacker with Add Page space permission can exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in local file disclosure.

Affected Products

Atlassian Confluence Server prior to 6.13.7
Atlassian Confluence Server prior to 6.15.8
Atlassian Confluence Server prior to 6.6.16

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://jira.atlassian.com/browse/CONFSERVER-58734

CVE References

CVE-2019-3394