Confluence Security Advisory 2006-01-23

Confluence Security Overview and Advisories

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

A flaw has been found in Confluence by which the unrestricted content of a space can be revealed in search results.

Vulnerability

By entering in a space key and blank query string into the Search macro, pages from the specified space will be displayed, without filtering on page and space permissions. This can allow unpermitted users to view the excerpts of pages they don't have access to.

This flaw is confirmed to affect all releases from 1.4 to 2.1.2.

More information is available at CONF-5189.

Fix

This vulnerability is fixed in Confluence 2.1.3 and later. We strongly suggest that customers upgrade to this release to fix the vulnerability.

Customers who are using 1.4.x and do not wish to upgrade can download a patched class from CONF-5198.

Last modified on Jan 20, 2006

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.