- Type: Bug
- Resolution: Won't Fix
- Priority: Low
- Component/s: Integrations - Confluence Questions
- Severity 3 - Minor
NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report.
This is an external report, and not a high priority - certainly much lower impact than ANSWERS-648.
This issue was reported by Nakul Mohan <edwardmaya618@gmail.com>, 11 May - the email is too long to reproduce here.
An attacker with the ability to:
- Inject partial chosen plaintext into a victim's requests
- Measure the size of encrypted traffic
can leverage information leaked by compression to recover targeted parts of the plaintext.
This can be exploited by using the values reflected in /search/ to leak the CSRF token.
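The size side channel described above, as an added example that is not part of the original report: a self-test a site owner can run against a page that reflects input next to a secret token. The page template, the token values and the `csrf_token` field name are constructed, and the per-response masking shown alongside is a general BREACH mitigation, not something the report says was applied.

```python
import secrets
import zlib

# Constructed sample values; none of them come from the report.
TOKEN = bytes.fromhex("9f3c1ab27d04e86b51c9a0f2367de418b5a04c7e")
WRONG_GUESS = "60be4d17a3f85c29e0b16d94f7c2385ae1d07b46"
PAGE = ('<html><body><form action="/search/"><input name="q" value="{q}">'
        '<input type="hidden" name="csrf_token" value="{t}"></form></body></html>')


def static_token(token: bytes) -> str:
    """Identical hex string in every response: the leaky pattern."""
    return token.hex()


def masked_token(token: bytes) -> str:
    """Fresh random pad per response; emit pad || (pad XOR token) as hex."""
    pad = secrets.token_bytes(len(token))
    return (pad + bytes(p ^ t for p, t in zip(pad, token))).hex()


def unmask(field: str) -> bytes:
    """Server-side recovery of the real token from a masked field."""
    raw = bytes.fromhex(field)
    half = len(raw) // 2
    return bytes(p ^ b for p, b in zip(raw[:half], raw[half:]))


def wire_size(reflected: str, render) -> int:
    """Length of the DEFLATE-compressed body, which TLS does not hide."""
    body = PAGE.format(q=reflected, t=render(TOKEN))
    return len(zlib.compress(body.encode()))


def leak(render, trials: int = 50) -> float:
    """Mean bytes saved when the reflected value equals the secret token.
    Run by the site owner, who already knows the token."""
    diffs = [wire_size(WRONG_GUESS, render) - wire_size(TOKEN.hex(), render)
             for _ in range(trials)]
    return sum(diffs) / trials


if __name__ == "__main__":
    print("static token leak (bytes):", leak(static_token))
    print("masked token leak (bytes):", leak(masked_token))
```

A clearly positive value from `leak(static_token)` means the compressed length depends on whether the reflected value matched the token; with masking the difference collapses to noise.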
- is related to: CONFSERVER-47215 Answers is vulnerable to BREACH (SSL/HTTP gzip) attack (Closed)