Confluence Security Advisory 2007-07-26
Confluence Security Overview and Advisories
- Confluence Community Security Advisory 2006-01-19
- Confluence Security Advisory 2005-02-09
- Confluence Security Advisory 2005-12-05
- Confluence Security Advisory 2006-01-20
- Confluence Security Advisory 2006-01-23
- Confluence Security Advisory 2006-06-14
- Confluence Security Advisory 2007-07-26
- Confluence Security Advisory 2007-08-08
- Confluence Security Advisory 2007-11-19
- Confluence Security Advisory 2007-11-27
- Confluence Security Advisory 2007-12-14
- Confluence Security Advisory 2008-01-24
- Confluence Security Advisory 2008-03-06
- Confluence Security Advisory 2008-03-19
- Confluence Security Advisory 2008-05-21
- Confluence Security Advisory 2008-07-03
- Confluence Security Advisory 2008-09-08
- Confluence Security Advisory 2008-10-14
- Confluence Security Advisory 2008-12-03
- Confluence Security Advisory 2009-01-07
- Confluence Security Advisory 2009-02-18
- Confluence Security Advisory 2009-04-15
- Confluence Security Advisory 2009-06-01
- Confluence Security Advisory 2009-06-16
- Confluence Security Advisory 2009-08-20
- Confluence Security Advisory 2009-10-06
- Confluence Security Advisory 2009-12-08
- Confluence Security Advisory 2010-05-04
- Confluence Security Advisory 2010-06-02
- Confluence Security Advisory 2010-07-06
- Confluence Security Advisory 2010-08-17
- Confluence Security Advisory 2010-09-21
- Confluence Security Advisory 2010-10-12
- Confluence Security Advisory 2010-11-15
- Confluence Security Advisory 2011-01-18
- Confluence Security Advisory 2011-03-24
- Confluence Security Advisory 2011-05-31
- Confluence Security Advisory 2012-05-17
- Confluence Security Advisory 2012-09-04
- Confluence Security Advisory 2012-09-11
- Confluence Security Advisory 2013-08-05
- Confluence Security Advisory 2014-02-26
- Confluence Security Advisory 2014-05-21
- Confluence Security Advisory - 2015-01-21
- Confluence Security Advisory - 2016-09-21
- Confluence Security Advisory - 2017-04-19
- Confluence Security Advisory - 2019-03-20
- Confluence Security Advisory - 2019-04-17
- Confluence Security Advisory - 2019-08-28
- Confluence Security Advisory - 2019-12-18
- Confluence Security Advisory - 2021-08-25
- Multiple Products Security Advisory - Unrendered unicode bidirectional override characters - CVE-2021-42574 - 2021-11-01
- Multiple Products Security Advisory - Hazelcast Vulnerable To Remote Code Execution - CVE-2016-10750
- Confluence Security Advisory 2022-06-02
- Questions For Confluence Security Advisory 2022-07-20
On this page
Related content
- Javascript Error when accessing Issues link in Project Navigation after Upgrade
- JVM Segfault (SIGSEGV) After Plugin Initialisation
- SIGSEGV Segmentation Fault JVM Crash
- Uncaught QuotaExceededError displays in browser using Jira server
- Character Encoding Issues when using JASIG CAS Authenticator
- JIRA Agile error during page load - curl already exists
- How to fetch the Team name from the comments by using Regex
- JIRA Agile is currently unavailable error when Restoring the JIRA Cloud backup to JIRA 6.4.5 with JIRA Agile 6.7.4
- Error "Field with id' xxx' and name 'Team' does not support operation 'add' Supported operation(s) are: 'set'" on Jira Align Connector
- Configure the look and feel of Jira applications
In this advisory:
Users with view permission in a space can copy and save a page
Vulnerability
A user who has only view permissions in a space can copy a page and then save it in the space. In this way, users can create a page in a space where they have only view permission.
This flaw affects only Confluence version 2.5.4.
Fix
This issue has been fixed in Confluence 2.5.5. A patch is also available for Confluence 2.5.4. For more information, including instructions on applying the patch, please see this issue report.
If you are using Confluence 2.5.4, Atlassian strongly recommends that you upgrade to Confluence 2.5.5 or apply the patch.
Space name and key are not validated nor escaped
Vulnerability
The input for space name and key is not validated properly - any characters are allowed. This makes a Confluence instance vulnerable to an XSS attack.
Fix
This issue has been fixed in Confluence 2.5.5. For more information, please see this issue report.
Atlassian recommends that you upgrade to Confluence 2.5.5.
Related content
- Javascript Error when accessing Issues link in Project Navigation after Upgrade
- JVM Segfault (SIGSEGV) After Plugin Initialisation
- SIGSEGV Segmentation Fault JVM Crash
- Uncaught QuotaExceededError displays in browser using Jira server
- Character Encoding Issues when using JASIG CAS Authenticator
- JIRA Agile error during page load - curl already exists
- How to fetch the Team name from the comments by using Regex
- JIRA Agile is currently unavailable error when Restoring the JIRA Cloud backup to JIRA 6.4.5 with JIRA Agile 6.7.4
- Error "Field with id' xxx' and name 'Team' does not support operation 'add' Supported operation(s) are: 'set'" on Jira Align Connector
- Configure the look and feel of Jira applications