Details
-
Bug
-
Resolution: Fixed
-
Medium
-
None
-
None
-
5
-
Description
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.
The template located at the url "$confprefix/setup/setup-restore.action?synchronous=false" for a given confluence installation provides a full directory path to the "backup" folder location which may real information regarding the location of the confluence data directory on the file-system. This is not a real problem in itself, but could be used in combination with another vulnerability within confluence at a later point.
Also, if there are any backup files in the backup folder - the names of the file(s) will also be "leaked".
Attachments
Issue Links
- relates to
-
CONFCLOUD-23109 Full Directory path information disclosure
- Closed