Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 3.3.3
Affects Version/s: 2.8
Component/s: None
Labels:

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Earlier versions of Confluence allow the administrator to set the temporary storage location for the View File macro, part of the Office Connector. Provided an attacker has gained administrative access to the system in some way, they could then exploit this vulnerability to save malicious files onto the file system.

Please refer to the security advisory for details of the vulnerability, risk assessment and mitigation strategies:
http://confluence.atlassian.com/x/7ARODQ

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: SarahA

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 25/Aug/2010 1:48 AM

Updated:: 11/Oct/2018 9:05 AM

Resolved:: 21/Sep/2010 2:01 AM