Title | Authorization vulnerability for Confluence page tree |
Summary | A vulnerability discovered in Baselines for Confluence allows an attacker to get the names and page tree locations of Confluence pages that should have been invisible to that user because of Page Restrictions. |
Security Advisory Release Date | 23.12.2019 |
Severity | Low |
Affected Products | Baselines for Confluence Server |
Affected Version(s) | From version 1.2.0.97 up to version 1.7.2.163 |
Fixed Version(s) | 1.7.3.165 |
Details | A vulnerability in Baselines for Confluence version 1.7.2.163 and earlier versions allows an attacker to get the names and locations of Confluence pages that should be restricted by Page Restrictions for that user.
|
Workaround | No workaround is available. |
Permanent Fix | Upgrade to Baselines for Confluence 1.7.3.165 or above. |
What you should do | If you are using a version of Baselines for Confluence between 1.2.0.97 and 1.7.2.163, you should update your app to versin 1.7.3.165 or above. |
Support | If you have questions, you can reach OBSS support team through htttps://pluginsupport.obss.com.tr/ or by sending an e-mail to plugin@obss.com.tr |
Overview
Content Tools
Activity
Tasks