Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-20508

Secure Administrator Sessions feature can be bypassed

    XMLWordPrintable

    Details

      Description

      In some circumstances an attacker may be able to craft a request to a Confluence server that bypasses the additional layer of security added by the new Secure Administrator Sessions feature introduced in Confluence 3.3.

      This would allow an attacker to perform administrative functions on Confluence using a hijacked session without having to re-authenticate.

      This issue is rated HIGH. Please refer to http://confluence.atlassian.com/x/VgozDQ for information on other security related issue and more information on how we rate issues.

        Attachments

          Activity

            People

            Assignee:
            jclark@atlassian.com Joe Clark
            Reporter:
            jclark@atlassian.com Joe Clark
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: