[CONFSERVER-10289] Security vulnerability with Dashboard spacesSelectedTab - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 2.7.1
Affects Version/s: 2.6-dr1, 2.6.0, 2.6.1, 2.6.2, 2.7
Component/s: Navigation - Dashboard
Labels:
Environment:

RHEL 4 64-bit, jdk1.5.0_10, Confluence Standalone

Bug Fix Policy:
View Atlassian Server bug fix policy

Our security team has reported the following vulnerability, which must be resolved for us to use the application.

> Severity: High
> Test Type: Application
> Vulnerable URL: https://gforgewiki.nci.nih.gov/dashboard.action
> (Parameter =
> spacesSelectedTab)
> Remediation Tasks: Filter out hazardous characters from user input

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

Appscan_highalert.rtf
6 kB
19/Dec/2007 2:16 PM
RecentlyUpdatedContentMacro.class
18 kB
24/Dec/2007 4:38 AM
RecentlyUpdatedContentMacro.class
18 kB
24/Dec/2007 4:28 AM
RecentlyUpdatedContentMacro-2.6.diff
1 kB
24/Dec/2007 4:39 AM

Assignee:: Paul Curren

Reporter:: Mary Johnson

Affected customers:: 0 This affects my team

Watchers:: 0 Start watching this issue

Created:: 19/Dec/2007 2:16 PM

Updated:: 11/Oct/2018 9:08 AM

Resolved:: 24/Dec/2007 4:51 AM

Details

Description

Attachments

Attachments

Forms

Activity

People

Dates