CVE-2025-27604 – com.xwiki.confluencepro:application-confluence-migrator-pro-ui

Package

Manager: maven
Name: com.xwiki.confluencepro:application-confluence-migrator-pro-ui
Vulnerable Version: >=0 <1.11.7

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.001 pctl0.283

Details

com.xwiki.confluencepro:application-confluence-migrator-pro-ui's application homepage is public ### Impact The homepage of the application is public which enables a guest to download the package which might contain sensitive information. ### Patches 1.11.7 ### Workarounds The access to the page can be manually restricted to a specific set of users or groups.

Metadata

Created: 2025-03-07T16:19:25Z
Modified: 2025-03-07T19:16:54Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-3w9f-2pph-j5vc/GHSA-3w9f-2pph-j5vc.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-3w9f-2pph-j5vc
Finding: F308
Auto approve: 1