A flaw has been found in Confluence by which the unrestricted content of a space can be revealed in search results.
By entering in a space key and blank query string into the Search macro, pages from the specified space will be displayed, without filtering on page and space permissions. This can allow unpermitted users to view the excerpts of pages they don't have access to.
This flaw is confirmed to affect all releases from 1.4 to 2.1.2.
More information is available at CONF-5189.
This vulnerability is fixed in Confluence 2.1.3 and later. We strongly suggest that customers upgrade to this release to fix the vulnerability.
Customers who are using 1.4.x and do not wish to upgrade can download a patched class from CONF-5198.