Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 5.4.1
Affects Version/s: 5.1.2
Component/s: None
Labels:

CVSS Score:
4
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Both HtmlExporter.java and FileXmlExporter.java use the prepareExportFileName method inherited from AbstractExporterImpl.java in forming a path to use for the zip file location (archivePath & zipFileName, respectively) which uses the user controlled space key[0] in the returned path and are thus vulnerable to path traversal.

[0] personal space keys are allowed to contain "." and "/" characters.

Attachments

Issue Links

is related to

CONFSERVER-33904 Put spacekey in filename of exported spaces

Closed

mentioned in: Page Loading...; Wiki Page Loading...

Activity

People

Assignee:: Alice Wang (Inactive)

Reporter:: David Black

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 26/Apr/2013 6:49 AM

Updated:: 11/Oct/2018 8:36 AM

Resolved:: 25/Nov/2013 3:13 AM