Confluence Support

In this advisory:

Users with view permission in a space can copy and save a page

Vulnerability

A user who has only view permissions in a space can copy a page and then save it in the space. In this way, users can create a page in a space where they have only view permission.

This flaw affects only Confluence version 2.5.4.

Fix

This issue has been fixed in Confluence 2.5.5. A patch is also available for Confluence 2.5.4. For more information, including instructions on applying the patch, please see this issue report.

If you are using Confluence 2.5.4, Atlassian strongly recommends that you upgrade to Confluence 2.5.5 or apply the patch.

Space name and key are not validated nor escaped

Vulnerability

The input for space name and key is not validated properly - any characters are allowed. This makes a Confluence instance vulnerable to an XSS attack.

Fix

This issue has been fixed in Confluence 2.5.5. For more information, please see this issue report.

Atlassian recommends that you upgrade to Confluence 2.5.5.

Confluence Support

Knowledge base

Products

Jira Software

Jira Service Management

Jira Work Management

Confluence

Bitbucket

Resources

Documentation

Community

Suggestions and bugs

Marketplace

Billing and licensing

Confluence Security Advisory 2007-07-26

Confluence Security Overview and Advisories

On this page

Still need help?

Users with view permission in a space can copy and save a page

Vulnerability

Fix

Space name and key are not validated nor escaped

Vulnerability

Fix

Page

Viewport

Confluence

Versions

Confluence Security Advisory 2007-07-26

Confluence Security Overview and Advisories

On this page

Related content

Still need help?

Users with view permission in a space can copy and save a page

Vulnerability

Fix

Space name and key are not validated nor escaped

Vulnerability

Fix

Related content