Project: Confluence Cloud
Issue: CONFCLOUD-54200

UploadAttachmentsAction XSRF


Details

    Description

      The UploadAttachmentsAction action is declared to use a validatingStack interceptor chain, but does not use the RequiresSecurityToken element, leaving it open to an XSRF attack. If this were exploited, an attacker could force a user’s browser to upload files into a space they have write permission in.

      File: confluence-misc-plugin\confluence-attachments-plugin\src\main\resource\Atlassian-plugin.xml

      <xwork name="Attachments Plugin Actions" key="attachments.actions">
        <package name="Page actions" extends="default" namespace="/pages/plugins/attachments">
      ...
        <action name="uploadattachments" class="com.atlassian.confluence.extra.attachments.actions.UploadAttachmentsAction">
          <interceptor-ref name="validatingStack"/>
          <result name="input" type="json"/>
          <result name="error" type="json"/>
        </action>
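For comparison, here is what a hardened declaration of the same action looks like. This is an added example, not the patch Atlassian shipped; it assumes the plugin's interceptor stack honours the RequiresSecurityToken action parameter the same way Confluence's own xwork.xml actions do.

```xml
<!-- Added example: the uploadattachments action with the XSRF token requirement
     declared. Illustrative fix, not the change Atlassian actually applied. -->
<action name="uploadattachments" class="com.atlassian.confluence.extra.attachments.actions.UploadAttachmentsAction">
  <interceptor-ref name="validatingStack"/>
  <!-- Tells the security-token interceptor to reject any request that does not
       carry the user's session XSRF token (the atl_token parameter in Confluence).
       A page on another origin cannot read that token, so a forged cross-site POST
       is refused before the action body runs. -->
  <param name="RequiresSecurityToken">true</param>
  <result name="input" type="json"/>
  <result name="error" type="json"/>
</action>
```

Any legitimate client of the action (the attachment upload form or script) must then include the token with its POST, which is the usual reason such a parameter gets left out during development.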
      

            People

              etom edith (Inactive)
              Dan Hodson
              Votes: 0
              Watchers: 5
