Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Highest
Component/s: None
Labels:

CVSS Score:
6.4
Bug Fix Policy:
View Atlassian Cloud bug fix policy

The UploadAttachmentsAction action is declared to use a validatingStack interceptor chain, but does not use the RequiresSecurityToken element, leaving it open to an XSRF attack. If this were exploited, an attacker could force a user’s browser to upload files into a space they have write permission in.

File:confluence-misc-plugin\confluence-attachments-plugin\src\main\resource\Atlassian-plugin.xml

 
<xwork name="Attachments Plugin Actions" key="attachments.actions">
  <package name="Page actions" extends="default" namespace="/pages/plugins/attachments">
...
  <action name="uploadattachments" class="com.atlassian.confluence.extra.attachments.actions.UploadAttachmentsAction">
    <interceptor-ref name="validatingStack"/>
    <result name="input" type="json"/>
    <result name="error" type="json"/>
  </action>

is blocked by

CONFSERVER-22069 Profile picture thumbnail generation can consume unlimited amount of memory

Closed

Assignee:: edith (Inactive)

Reporter:: Dan Hodson

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 29/Nov/2012 12:41 PM

Updated:: 22/Aug/2019 3:51 AM

Resolved:: 15/May/2013 6:59 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates