Details
- Bug
- Resolution: Fixed
- Medium
- None
- 3.5
Description
NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report.
LDAP directory credentials can be found when viewing the source of /plugins/servlet/embedded-crowd/configure/delegatingldap/. An attacker can obtain these credentials either through cross-site scripting or after gaining administrative access. The credentials can then be used to extend the attacker's access on the current machine or on additional machines on the network.
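A regression check for this class of bug, as an added example (not Atlassian's code or fix): it parses a rendered configuration page and reports any password-type or password-named input whose `value` attribute is populated. The form markup and field names are constructed, and that the credential appeared as a pre-filled input value is an assumption; the report only says it was visible in the page source.

```python
from html.parser import HTMLParser

# Constructed markup: a form that echoes the stored bind password back to the browser.
SAMPLE_LEAKY = """
<form method="post">
  <input type="text" name="ldapUserDn" value="cn=svc-wiki,ou=services,dc=example,dc=org">
  <input type="password" name="ldapPassword" value="constructed-secret">
</form>
"""

# Constructed markup: the same form rendered without the stored secret.
SAMPLE_FIXED = """
<form method="post">
  <input type="text" name="ldapUserDn" value="cn=svc-wiki,ou=services,dc=example,dc=org">
  <input type="password" name="ldapPassword" value="">
</form>
"""

# Hypothetical name hints; extend to match the field names of the page under test.
SENSITIVE_NAME_HINTS = ("password", "passwd", "secret")


class SecretEchoFinder(HTMLParser):
    """Collects inputs that look sensitive and carry a non-empty value."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        attr = {k: (v or "") for k, v in attrs}
        input_type = attr.get("type", "text").lower()
        name = attr.get("name", "")
        # A hidden or text field named like a password leaks just as a password field does.
        sensitive = input_type == "password" or any(
            hint in name.lower() for hint in SENSITIVE_NAME_HINTS
        )
        if sensitive and attr.get("value", "").strip():
            self.findings.append((name, input_type))


def find_echoed_secrets(html):
    """Return (name, type) for every sensitive input rendered with a value."""
    finder = SecretEchoFinder()
    finder.feed(html)
    finder.close()
    return finder.findings
```

Run it against the HTML of an authenticated admin session in a test instance; an empty list means no stored secret is being written back into the form.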
Issue Links
- is cloned from
  - JRACLOUD-29656 LDAP Username and Password Disclosure - Embedded Crowd (Closed)
- is related to
  - CONFSERVER-36047 LDAP Username and Password Disclosure - Embedded Crowd (Closed)