Details
-
Bug
-
Resolution: Fixed
-
Medium
-
5.2.3
-
None
Description
If anonymous user access is enabled under "Global Permission", user can access to "OAuth Administration" page without the need to log-in. Here is the URL to the page:
<server-base-url>/plugins/servlet/oauth/view-consumer-info
This page display Confluence administrators menu on the sidebar and other information such as:
- Consumer Key
- Name
- Description
- Public Key
- Callback URL