Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-20668

Path traversal vulnerability in various Confluence actions

    XMLWordPrintable

    Details

      Description

      We have identified and fixed a path traversal vulnerability in various Confluence actions. By exploiting a path traversal vulnerability, attackers can retrieve any file on the server that is running Confluence, based on the permissions of the user under which Confluence is running. Path traversal attacks are also called 'directory traversal' or dot-dot-slash (../) attacks.

      You can read more about path traversal attacks at Open Web Application Security Project (OWASP) and other places on the web:
      http://www.owasp.org/index.php/Path_Traversal

      Please refer to the security advisory for details of the vulnerability, risk assessment and mitigation strategies:
      http://confluence.atlassian.com/x/7ARODQ

        Attachments

          Activity

            People

            Assignee:
            don.willis@atlassian.com Don Willis
            Reporter:
            smaddox SarahA
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: