[CONFSERVER-20508] Secure Administrator Sessions feature can be bypassed

In some circumstances an attacker may be able to craft a request to a Confluence server that bypasses the additional layer of security added by the new Secure Administrator Sessions feature introduced in Confluence 3.3.

This would allow an attacker to perform administrative functions on Confluence using a hijacked session without having to re-authenticate.

This issue is rated HIGH. Please refer to http://confluence.atlassian.com/x/VgozDQ for information on other security-related issues and for more information on how we rate issues.

jclark@atlassian.com Joe Clark