Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-20669

Confluence should not allow configuration of Office Connector temporary storage location

    XMLWordPrintable

Details

    Description

      Earlier versions of Confluence allow the administrator to set the temporary storage location for the View File macro, part of the Office Connector. Provided an attacker has gained administrative access to the system in some way, they could then exploit this vulnerability to save malicious files onto the file system.

      Please refer to the security advisory for details of the vulnerability, risk assessment and mitigation strategies:
      http://confluence.atlassian.com/x/7ARODQ

      Attachments

        Activity

          People

            Unassigned Unassigned
            smaddox SarahA
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: