Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-11153

XSS vulnerability in social bookmarking plugin bundled in Confluence

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Medium Medium
    • 2.7.3
    • 2.6.2, 2.7.2
    • None

      The social bookmarking plugin is bundled in Confluence 2.7.x and Confluence 2.6.x. As such this vulnerability affects all 2.7.x and 2.6.x instances (even if you do not use the plugin or do not have the Add Bookmark Web Item enabled).

      The updatebookmark.action URL is vulnerable on these parameters:

      • bookmarkPageId
      • redirect
      • labelsString

      The JIRA issue created in the developer.atlassian.com project for this plugin can be found here: http://developer.atlassian.com/jira/browse/MARK-60.

        1. socialbookmarking-1.0.6-patched.jar
          59 kB
        2. socialbookmarking-1.1.1.jar
          61 kB

              dave@atlassian.com dave (Inactive)
              dave@atlassian.com dave (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: