XMLWordPrintable

    Details

      Description

      We have identified and fixed a vulnerability in Confluence which allowed unauthenticated users to commit actions on behalf of any other authorised user. In order to exploit this vulnerability, an attacker requires access to Confluence web interface.

      The vulnerability affects all supported versions of Confluence up to and including 5.4.

      Versions 5.3.4, 5.4 and 5.4.1 are not vulnerable but require patches for compatibility purposes in order to be able to connect to patched or upgraded versions of JIRA and other Atlassian products. You do not need to patch these versions if you are not using Application Links with Trusted Applications authentication configured. Version 5.4.2 is not vulnerable but contains a bug CONF-32397.

      This issue has been fixed in 5.4.3.

      For more information, see our security advisory.

        Attachments

        1. confluence-40-patch.zip
          4.52 MB
        2. confluence-41-patch.zip
          4.53 MB
        3. confluence-42-patch.zip
          3.52 MB
        4. confluence-43-patch.zip
          3.51 MB
        5. confluence-50-patch.zip
          3.54 MB
        6. confluence-51-patch.zip
          3.54 MB
        7. confluence-52-patch.zip
          3.59 MB
        8. confluence-53-patch.zip
          3.59 MB
        9. confluence-54-patch.zip
          3.60 MB

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              rbattaglin Renan Battaglin
              Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: