A third-party scan found that the createrssfeed action is vulnerable to content spoofing, specifically text injection. In this case the content spoofing may be used to perform a phishing attack on users.

How to reproduce:
1. Go to https://$confluence/$contextPath/wiki/spaces/createrssfeed.action?types=blogpost&spaces=ds&sort=modified&title=Please%20login%20at%20https://attacker.com&maxResults=15&publicFeed=false&os_authType=basic&rssType=atom
2. Observe that the value of the title parameter is reflected in the response.

Note: different browsers render the RSS feed XML differently. Chrome just shows the raw XML, while Internet Explorer and Firefox both render the returned XML as a 'semi-HTML page'.
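
A defender-side check for the request pattern in the reproduction steps, added here as an example (not Atlassian's code and not part of the original report): it scans web access logs for createrssfeed.action requests whose title parameter carries a link, a bare domain or a login lure. The combined log format, the sample lines and the matching heuristics are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Heuristics are assumptions of this example: a feed title carrying a link, a
# bare domain, or a call to action is unlikely to be a legitimate feed name.
URL_RE = re.compile(r"(?:https?://|www\.)\S+|\b[\w-]+(?:\.[\w-]+)*\.[a-z]{2,}\b", re.I)
LURE_RE = re.compile(r"\b(?:log\s*in|sign\s*in|password|verify|credentials)\b", re.I)
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /wiki/spaces/createrssfeed.action'
    '?types=blogpost&spaces=ds&sort=modified&title=Please%20login%20at%20https://attacker.com'
    '&maxResults=15&publicFeed=false&os_authType=basic&rssType=atom HTTP/1.1" 200 2048',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /wiki/spaces/createrssfeed.action'
    '?types=blogpost&spaces=ds&title=Recent+blog+posts&rssType=atom HTTP/1.1" 200 1987',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /wiki/other.action'
    '?title=https://example.test HTTP/1.1" 200 512',
    '198.51.100.8 - - [01/Jan/2024:10:02:00 +0000] "GET /wiki/spaces/createrssfeed.action'
    '?spaces=ds&title=Reset+via+example.test&rssType=atom HTTP/1.1" 200 1990',
]

def suspicious_title(request_target):
    """Return (title, reasons) for a createrssfeed.action request with a spoof-like title, else None."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/createrssfeed.action"):
        return None
    for title in parse_qs(parts.query).get("title", []):  # values are percent-decoded
        reasons = []
        if URL_RE.search(title):
            reasons.append("url")
        if LURE_RE.search(title):
            reasons.append("lure")
        if reasons:
            return title, reasons
    return None

def scan(log_lines):
    """Return (client, title, reasons) for every flagged request in the log."""
    findings = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        hit = suspicious_title(match.group(1)) if match else None
        if hit:
            findings.append((line.split()[0], *hit))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```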

            [CONFSERVER-32641] Content Spoofing in the createrssfeed action

            Richard Atkins made changes -
            Labels Original: affects-server content-spoofing cvss-medium rss/atom-feeds security whitehat New: affects-server content-spoofing cvss-medium injection rss/atom-feeds security whitehat
            Owen made changes -
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]

              gvotruong Giang Vo
              dblack David Black