Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-20508

Secure Administrator Sessions feature can be bypassed

    XMLWordPrintable

Details

    Description

      In some circumstances an attacker may be able to craft a request to a Confluence server that bypasses the additional layer of security added by the new Secure Administrator Sessions feature introduced in Confluence 3.3.

      This would allow an attacker to perform administrative functions on Confluence using a hijacked session without having to re-authenticate.

      This issue is rated HIGH. Please refer to http://confluence.atlassian.com/x/VgozDQ for information on other security related issue and more information on how we rate issues.

      Attachments

        Activity

          People

            jclark@atlassian.com Joe Clark
            jclark@atlassian.com Joe Clark
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: