Title

Authorization vulnerability for Confluence page tree

Summary

A vulnerability discovered in Baselines for Confluence allows an attacker to get the names and page tree locations of Confluence pages that should have been invisible to that user because of Page Restrictions.

Security Advisory Release Date

23.12.2019

Severity

Low

Affected Products

Baselines for Confluence Server

Affected Version(s)

From version 1.2.0.97 up to version 1.7.2.163 

Fixed Version(s)

1.7.3.165

Details

A vulnerability in Baselines for Confluence version 1.7.2.163 and earlier versions allows an attacker to get the names and locations of Confluence pages that should be restricted by Page Restrictions for that user.

  • In order to exploit this vulnerability, the attacker must already have a valid user account on Confluence. Attackers without a valid Confluence login cannot exploit this vulnerability.
  • The vulnerability allows the attacker to see only the page names and the locations of those pages in the page tree. The attacker cannot access or change the contents of those pages using this vulnerability.

Workaround

No workaround is available.

Permanent Fix

Upgrade to Baselines for Confluence 1.7.3.165 or above.

What you should do

If you are using a version of Baselines for Confluence between 1.2.0.97 and 1.7.2.163, you should update your app to version 1.7.3.165 or above.

Support

If you have questions, you can reach the OBSS support team through https://pluginsupport.obss.com.tr/ or by sending an e-mail to plugin@obss.com.tr


APDBSL-168