  1. Confluence Server
  2. CONFSERVER-20508

Secure Administrator Sessions feature can be bypassed


    Details

      Description

      In some circumstances an attacker may be able to craft a request to a Confluence server that bypasses the additional layer of security added by the new Secure Administrator Sessions feature introduced in Confluence 3.3.

      This would allow an attacker to perform administrative functions on Confluence using a hijacked session without having to re-authenticate.

      This issue is rated HIGH. Please refer to http://confluence.atlassian.com/x/VgozDQ for information on other security-related issues and more information on how we rate issues.


            People

            • Assignee:
              jclark@atlassian.com Joe Clark
              Reporter:
              jclark@atlassian.com Joe Clark
              Participants:
              Last Touched By:
              Katherine Yabut

              Dates

              • Created:
                Updated:
                Resolved:
                Last commented:
                8 years, 43 weeks, 5 days ago