  1. Confluence Data Center
  2. CONFSERVER-4794

Information leak when accessing url directly

Details

    • Bug
    • Resolution: Fixed
    • High
    • 2.0.3
    • 2.0
    • None
    • Latest Confluence

    Description

      Confluence 2.0, Red Hat Linux. MySQL backend.

      1. Create a new space, call it whatever you like.
      2. Copy link to new space's Home and send to someone who shouldn't have permission to view it
      3. When they click the link, it shows that the page wasn't found, but asks if they wanted the page they were just trying to access. It even gives an excerpt from that page. Even if they don't have permission to view it!

      Leaks only a small amount of information, but it allows the user to get access to stuff they've been denied access to. Bad.

          People

            Jeremy Higgs
            Andrew Hurst

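
The behaviour reported above, where the direct lookup is denied but the "did you mean" fallback still shows an excerpt, is modelled below as an added example. It is not Confluence code: `Page`, `can_view`, `suggest_unchecked`, `suggest_checked` and the sample data are hypothetical names and constructed values. It shows the unchecked fallback beside a version that applies the same view check to every suggestion.

```python
# Added illustration: toy model of a "page not found, did you mean ...?" handler.
# All names here are hypothetical; none of this is a Confluence API.
from dataclasses import dataclass, field


@dataclass
class Page:
    space: str
    title: str
    body: str
    viewers: set = field(default_factory=set)  # users allowed to view the space


# Constructed sample data: one restricted space, one space open to both users.
PAGES = [
    Page("SECRET", "Home", "Restricted draft text, not for bob.", viewers={"alice"}),
    Page("PUBLIC", "Home", "Welcome to the wiki.", viewers={"alice", "bob"}),
]


def can_view(user, page):
    return user in page.viewers


def excerpt(page, length=20):
    return page.body[:length]


def _direct_hit(user, space, title):
    # Direct lookup: only returns the page if the user may view it.
    hit = next((p for p in PAGES if p.space == space and p.title == title), None)
    return hit if hit and can_view(user, hit) else None


def suggest_unchecked(user, space, title):
    """Flawed pattern: the direct lookup is gated, the fallback search is not."""
    hit = _direct_hit(user, space, title)
    if hit:
        return {"status": 200, "body": hit.body}
    matches = [p for p in PAGES if p.title == title]  # ignores `user`
    return {"status": 404, "suggestions": [(p.space, p.title, excerpt(p)) for p in matches]}


def suggest_checked(user, space, title):
    """Corrected pattern: every suggestion passes the same view check."""
    hit = _direct_hit(user, space, title)
    if hit:
        return {"status": 200, "body": hit.body}
    matches = [p for p in PAGES if p.title == title and can_view(user, p)]
    return {"status": 404, "suggestions": [(p.space, p.title, excerpt(p)) for p in matches]}
```

A regression test for this class of bug should request the restricted URL as a user without access and assert that no field of the not-found response, suggestions included, carries content from the restricted space.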