Description
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.
ID: CONF-001 - Information Exposure
CWE ID: 200
CWE Description: An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.
Additional description: One REST service (/rest/likes/1.0/content) doesn't (properly) authenticate requests. An anonymous user can request the list of 'likes' for arbitrary pages that aren't accessible to anonymous users. Confluence returns the Confluence usernames as well as the full names of the users who 'like' that page.
This could help an attacker: By bruteforcing page_ID it's possible to obtain a list of usernames and full names of all persons who have 'liked' one or more pages, even though the attacker has no permission to view those pages.
Affected URL(s):
/rest/likes/1.0/content/<page_ID>/likes
/rest/likes/1.0/content/<page_ID>/comment-likes
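Detection logic for the exposure described above, added here as an example and not part of this bug report: it scans access-log lines for anonymous clients that successfully hit the two affected endpoints for many distinct page IDs, which is the enumeration pattern the report describes. The combined-style log format (client IP, ident, username with "-" for anonymous, then the request line and status) and the sample lines are assumptions constructed for the example; adapt the parsing to your proxy or Tomcat access-log format.

```python
import re
from collections import defaultdict

# The two affected endpoints from the report; the page_ID is captured as group 2.
LIKES_RE = re.compile(
    r'"(?:GET|HEAD) (/rest/likes/1\.0/content/(\d+)/(?:likes|comment-likes))'
)
# Status code that follows the quoted request line.
STATUS_RE = re.compile(r'" (\d{3}) ')

# Constructed sample log lines (combined-style; "-" in the user field = anonymous).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:10:00:01 +0000] "GET /rest/likes/1.0/content/1001/likes HTTP/1.1" 200 312
203.0.113.7 - - [10/Oct/2023:10:00:02 +0000] "GET /rest/likes/1.0/content/1002/likes HTTP/1.1" 200 298
203.0.113.7 - - [10/Oct/2023:10:00:02 +0000] "GET /rest/likes/1.0/content/1003/comment-likes HTTP/1.1" 200 120
203.0.113.7 - - [10/Oct/2023:10:00:03 +0000] "GET /rest/likes/1.0/content/1004/likes HTTP/1.1" 200 305
198.51.100.4 - alice [10/Oct/2023:10:00:05 +0000] "GET /rest/likes/1.0/content/1001/likes HTTP/1.1" 200 312
198.51.100.9 - - [10/Oct/2023:10:00:06 +0000] "GET /display/SPACE/Home HTTP/1.1" 200 9000
"""


def find_anonymous_like_enumeration(log_text, threshold=3):
    """Return {client_ip: sorted distinct page_IDs} for anonymous clients that
    received a 200 from the affected endpoints for >= `threshold` distinct pages.
    Authenticated requests are ignored: the bug is about anonymous access."""
    pages = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split(" ", 3)
        if len(parts) < 4:
            continue
        client_ip, user = parts[0], parts[2]
        hit = LIKES_RE.search(line)
        if not hit or user != "-":
            continue
        status = STATUS_RE.search(line)
        if status and status.group(1) == "200":
            pages[client_ip].add(int(hit.group(2)))
    return {ip: sorted(ids) for ip, ids in pages.items() if len(ids) >= threshold}
```

Flagged clients can be correlated with the page IDs to confirm whether the pages were restricted; once the fix is applied, the same endpoints should return an authorization error for anonymous callers and the matcher can be kept as a regression check.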
Issue Links
- relates to CONFCLOUD-29672: /rest/likes/1.0/content does not check page permissions properly (Closed)