[CONFSERVER-25541] multimedia macro allows execution of arbitrary scripts

Type: Bug
Resolution: Fixed
Priority: Highest
Fix Version/s: 5.1.4
Affects Version/s: 3.5.13, 4.2
Component/s: None
Labels:
- affects-server
- cvss-high
- editor
- loyalty
- security
- verified
- xss
Environment:

CentOS 5.8, JDK 1.6.0_29

CVSS Score:
6.5
Bug Fix Policy:
View Atlassian Server bug fix policy

The

{multimedia} macro in confluence embeds a swf without the 'allowScriptAccess' attribute set to 'none'. This allows the embedded (user submitted) swf to execute arbitrary javascript on the page, constituting an XSS vulnerability. The {multimedia}

tag is bundled in with the base product and not an optional macro, so steps may need to be taken by Atlassian to fix this issue if there isn't a configuration setting anywhere.

This issue was reported by Workday's Security Operations team member Michael Carlson

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

HelloWorld.as
18/May/2012 8:44 PM
0.3 kB
David Corley
HelloWorld.swf
18/May/2012 8:44 PM
1 kB
David Corley

mentioned in: Wiki Page Failed to load

Katherine Yabut made changes - 13/Nov/2018 4:48 AM

Workflow

Original: JAC Bug Workflow v3 [ 2875325 ]

New: CONFSERVER Bug Workflow v4 [ 3004986 ]

Owen made changes - 11/Oct/2018 8:37 AM

Workflow	Original: JAC Bug Workflow v2 [ 2803296 ]	New: JAC Bug Workflow v3 [ 2875325 ]
Status	Original: Resolved [ 5 ]	New: Closed [ 6 ]

Owen made changes - 29/Aug/2018 11:20 PM

Workflow

Original: JAC Bug Workflow [ 2735977 ]

New: JAC Bug Workflow v2 [ 2803296 ]

Owen made changes - 02/Jul/2018 7:12 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2394755 ]

New: JAC Bug Workflow [ 2735977 ]

Alex Yakovlev (Inactive) made changes - 16/Oct/2017 3:50 AM

Labels

Original: affects-server bugfix cvss-high editor loyalty security verified xss

New: affects-server cvss-high editor loyalty security verified xss

Alex Yakovlev (Inactive) made changes - 16/Oct/2017 3:41 AM

Labels

Original: affects-server bugfix cvss-high editor security verified xss

New: affects-server bugfix cvss-high editor loyalty security verified xss

Katherine Yabut made changes - 22/Jun/2017 6:51 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 [ 2290400 ]

New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2394755 ]

Katherine Yabut made changes - 31/May/2017 5:37 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2228448 ]

New: Confluence Workflow - Public Facing - Restricted v5 [ 2290400 ]

Katherine Yabut made changes - 31/May/2017 4:59 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2184708 ]

New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2228448 ]

Katherine Yabut made changes - 31/May/2017 2:02 AM

Workflow

Original: Confluence Workflow - Public Facing - Restricted v5 [ 1946298 ]

New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2184708 ]

Assignee:: Chii (Inactive)

Reporter:: David Corley

Affected customers:: 0 This affects my team

Watchers:: 5 Start watching this issue

Created:: 18/May/2012 8:44 PM

Updated:: 11/Oct/2018 8:37 AM

Resolved:: 22/May/2013 2:00 AM

Details

Description

Attachments

Attachments

Issue Links

Forms

Activity

People

Dates