[CONFSERVER-10289] Security vulnerability with Dashboard spacesSelectedTab - Create and track feature requests for Atlassian products.

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Highest
Resolution: Fixed
Affects Version/s: 2.6-dr1, 2.6.0, 2.6.1, 2.6.2, 2.7
Fix Version/s: 2.7.1
Component/s: Navigation - Dashboard
Labels:
Environment:

RHEL 4 64-bit, jdk1.5.0_10, Confluence Standalone

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Our security team has reported the following vulnerability, which must be resolved for us to use the application.

> Severity: High
> Test Type: Application
> Vulnerable URL: https://gforgewiki.nci.nih.gov/dashboard.action
> (Parameter =
> spacesSelectedTab)
> Remediation Tasks: Filter out hazardous characters from user input

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

Attachments

Appscan_highalert.rtf
6 kB
19/Dec/2007 2:16 PM
RecentlyUpdatedContentMacro.class
18 kB
24/Dec/2007 4:38 AM
RecentlyUpdatedContentMacro.class
18 kB
24/Dec/2007 4:28 AM
RecentlyUpdatedContentMacro-2.6.diff
1 kB
24/Dec/2007 4:39 AM

Activity

People

Assignee:

Paul Curren

Reporter:

Mary Johnson

Participants:

Dave Loeng, Mary Johnson, Paul Curren

Last Touched By:

Katherine Yabut

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

19/Dec/2007 2:16 PM

Updated:

11/Oct/2018 9:08 AM

Resolved:

24/Dec/2007 4:51 AM

Last commented:

11 years, 13 weeks, 1 day ago