Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-20669

Confluence should not allow configuration of Office Connector temporary storage location

    XMLWordPrintable

    Details

      Description

      Earlier versions of Confluence allow the administrator to set the temporary storage location for the View File macro, part of the Office Connector. Provided an attacker has gained administrative access to the system in some way, they could then exploit this vulnerability to save malicious files onto the file system.

      Please refer to the security advisory for details of the vulnerability, risk assessment and mitigation strategies:
      http://confluence.atlassian.com/x/7ARODQ

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            smaddox SarahA
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: