[CONFSERVER-20669] Confluence should not allow configuration of Office Connector temporary storage location

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 3.3.3
Affects Version/s: 2.8
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

Earlier versions of Confluence allow the administrator to set the temporary storage location for the View File macro, part of the Office Connector. Provided an attacker has gained administrative access to the system in some way, they could then exploit this vulnerability to save malicious files onto the file system.

Please refer to the security advisory for details of the vulnerability, risk assessment and mitigation strategies:
http://confluence.atlassian.com/x/7ARODQ

There are no comments yet on this issue.

Assignee:: Unassigned

Reporter:: SarahA

Affected customers:: 0 This affects my team

Watchers:: 0 Start watching this issue

Created:: 25/Aug/2010 1:48 AM

Updated:: 11/Oct/2018 9:05 AM

Resolved:: 21/Sep/2010 2:01 AM

Details

Description

Attachments

Forms

Activity

People

Dates