Uploaded image for project: 'Confluence Cloud'
  1. Confluence Cloud
  2. CONFCLOUD-23109

Full Directory path information disclosure

    XMLWordPrintable

Details

    Description

      NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report.

      The template located at the url "$confprefix/setup/setup-restore.action?synchronous=false" for a given confluence installation provides a full directory path to the "backup" folder location which may real information regarding the location of the confluence data directory on the file-system. This is not a real problem in itself, but could be used in combination with another vulnerability within confluence at a later point.

      Also, if there are any backup files in the backup folder - the names of the file(s) will also be "leaked".

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. CONFSERVER-23109 Full Directory path information disclosure

          • Medium - Medium priority issues
          • Closed

          Activity

            People

              igerges Issac Gerges (Inactive)
              dblack David Black
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: