Details
Bug
Resolution: Fixed
High
4.1.6
None
4.3
Description
A skipfish scan of Confluence found that flushcache.action is vulnerable to 'open redirect', as the redirectUrl seems to end up in the Location HTTP header on a 302 redirect response. Note the token parameter in the
Here is an example attack using the flaw:
http://localhost:8080/confluence/admin/flushcache.action?cache=com.atlassian.confluence.locale.requestLang&redirectUrl=XXXX&atl_token=xxx23
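
A defender-side check for the behaviour described above, as an added example that is not part of the original report and not Confluence's own code: it reviews request URLs for flushcache.action and flags any redirectUrl value that would send the 302 Location header outside the application. The function names, the strict "server-relative path only" policy and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs


def is_local_redirect(target: str) -> bool:
    """True only for a server-relative path (assumed policy, stricter than needed)."""
    if not target or not target.startswith("/"):
        return False
    # Browsers treat "//host" and "/\host" as scheme-relative URLs to another host.
    if target.startswith("//") or target.startswith("/\\"):
        return False
    # Control characters could split or mangle the Location header.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    parts = urlsplit(target)
    return parts.scheme == "" and parts.netloc == ""


def flag_requests(request_urls):
    """Return (request, redirectUrl) pairs whose redirectUrl leaves the application."""
    hits = []
    for url in request_urls:
        parts = urlsplit(url)
        if not parts.path.endswith("/admin/flushcache.action"):
            continue
        # parse_qs percent-decodes values, so encoded forms are checked as well.
        for value in parse_qs(parts.query).get("redirectUrl", []):
            if not is_local_redirect(value):
                hits.append((url, value))
    return hits


# Constructed sample requests (not taken from the report); tokens are placeholders.
BASE = "/confluence/admin/flushcache.action?cache=com.atlassian.confluence.locale.requestLang"
SAMPLE = [
    BASE + "&redirectUrl=/confluence/admin/example.action&atl_token=PLACEHOLDER",
    BASE + "&redirectUrl=https://example.org/login&atl_token=PLACEHOLDER",
    BASE + "&redirectUrl=%2F%2Fexample.org%2Flogin&atl_token=PLACEHOLDER",
    "/confluence/dashboard.action?redirectUrl=https://example.org/",
]

if __name__ == "__main__":
    for request, target in flag_requests(SAMPLE):
        print("external redirect target:", target, "in", request)
```

The same `is_local_redirect` test can be applied server-side before the value is written to the Location header, falling back to a fixed internal page when it fails.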