Confluence Security Advisory 2006-06-14

Confluence Security Overview and Advisories

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community


By crafting a custom HTTP request, an attacker can delete or modify global permissions settings on a Confluence site.

This flaw affects all Confluence versions between 1.4 and 2.2.2. 2.2.3 and later are not vulnerable.


This issue has been fixed in Confluence 2.2.3. Patches are also available for all versions of Confluence betwen 1.4 and 2.2.2. For more information, please see this issue report.

Atlassian STRONGLY recommends that all customers either upgrade to Confluence 2.2.3, or apply the patch.

Last modified on Jun 14, 2006

Was this helpful?

Provide feedback about this article
Powered by Confluence and Scroll Viewport.