Details
- Bug
- Resolution: Fixed
- High
- 2.0
- None
- Latest Confluence
Description
Confluence 2.0, Red Hat Linux. MySQL backend.
1. Create a new space, call it whatever you like.
2. Copy the link to the new space's Home and send it to someone who shouldn't have permission to view it.
3. When they click the link, it shows that the page wasn't found, but asks if they wanted the page they were just trying to access. It even gives an excerpt from that page. Even if they don't have permission to view it!
Leaks only a small amount of information, but it allows the user to get access to stuff they've been denied access to. Bad.
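
A small model of the behaviour in the report above, added here as an example; it is not Confluence code, and `Page`, `PAGES` and every function name are hypothetical. It shows a not-found handler whose suggestions skip the view check, beside one that applies the same check as a direct page request.

```python
from dataclasses import dataclass, field

@dataclass
class Page:
    space: str
    title: str
    body: str
    viewers: set = field(default_factory=set)  # users allowed to view the page

# Constructed sample data (hypothetical).
PAGES = [
    Page("SECRET", "Home", "Confidential roadmap draft.", {"alice"}),
    Page("PUBLIC", "Home", "Welcome to the public wiki.", {"alice", "bob"}),
]

def can_view(user, page):
    return user in page.viewers

def _matches(page, space, title):
    return page.space == space and page.title.lower() == title.lower()

def suggest_unfiltered(user, space, title):
    """Flawed: matches on name only, so title and excerpt reach any requester."""
    return [(p.space, p.title, p.body[:40]) for p in PAGES
            if _matches(p, space, title)]

def suggest_filtered(user, space, title):
    """Hardened: a page is suggested only if the requester may view it."""
    return [(p.space, p.title, p.body[:40]) for p in PAGES
            if _matches(p, space, title) and can_view(user, p)]

def handle_request(user, space, title, suggest):
    """Return (status, payload); payload is the body or a suggestion list."""
    page = next((p for p in PAGES if _matches(p, space, title)), None)
    if page is not None and can_view(user, page):
        return 200, page.body
    # Denied and missing pages share the not-found path, as in the report,
    # so the suggestion builder is where the permission check has to live.
    return 404, suggest(user, space, title)

if __name__ == "__main__":
    print(handle_request("bob", "SECRET", "Home", suggest_unfiltered))
    print(handle_request("bob", "SECRET", "Home", suggest_filtered))
```

With the filtered version, a denied page and a page that does not exist produce the same response, so the reply no longer confirms that the restricted page exists.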