-
Bug
-
Resolution: Fixed
-
High
-
2.4.3, 2.9
-
None
If the id of a page is known by a user, that user can view the content of the page without having permissions to the space it is in. They need only construct the right URL.
EG:
Two spaces A and B
Page with id 1 is in Space A
Page with id 2 is in Space B
User cannot see Space A
User can see Space B
The following URL will allow the user to view a diff of the two pages, thus easily deriving the content of the page in the hidden space.
http://confluence.example.com/pages/diffpages.action?pageId=2&originalId=1
- is related to
-
-
- Closed
-
[CONFSERVER-12860] Hidden pages' content can be viewed without permission using diffpages.action
| Workflow | Original: JAC Bug Workflow v3 [ 2874821 ] | New: CONFSERVER Bug Workflow v4 [ 3003471 ] |
| Workflow | Original: JAC Bug Workflow v2 [ 2802779 ] | New: JAC Bug Workflow v3 [ 2874821 ] |
| Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
| Workflow | Original: JAC Bug Workflow [ 2733057 ] | New: JAC Bug Workflow v2 [ 2802779 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2398413 ] | New: JAC Bug Workflow [ 2733057 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 2296302 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2398413 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2232046 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 2296302 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2191646 ] | New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2232046 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 1927818 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2191646 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v3 [ 1728895 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 1927818 ] |
| Workflow | Original: CONF Bug Subtask WF (TEMP) [ 1686289 ] | New: Confluence Workflow - Public Facing - Restricted v3 [ 1728895 ] |