Uploaded image for project: 'Confluence'
  1. Confluence
  2. CONF-28932

External image sources can trigger a basic authentication dialogue

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: 5.1
    • Fix Version/s: None
    • Component/s: None
    • Last commented by user?:
      true
    • CVSS Score:
      3.5

      Description

      When an external resource(e.g. http://foo.com/image.jpeg) is used as the source of an image tag, if the external resource returns a 401 response code and sets a WWW-Authenticate header then the browsers standard 'Basic authentication' dialogue will pop up within on the confluence page.
      While this is standard (and expected) browser behavior it could confuse users and be used in phishing attacks.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Last commented:
                3 years, 16 weeks, 5 days ago