CONFCLOUD-54383 (Confluence Cloud)

File Attachment persistent XSS


Details

    Description

There is a persistent XSS vulnerability in the attachment download functionality of Confluence. By uploading a malicious executable file type such as SVG (Scalable Vector Graphics with embedded JavaScript), it is possible for an attacker to execute arbitrary code in the context of the logged-in user.

The following screenshot demonstrates this vulnerability being exploited:

It is recommended that the attachment handling code use a whitelist of known-good MIME types that can be rendered inline. For everything else, the HTTP Content-Type and Content-Disposition headers should be set to “application/x-download” and “attachment” respectively.
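The header policy recommended above, as an added example that is not Confluence's own code (Confluence is a Java application; Python is used here for illustration). `INLINE_SAFE_TYPES`, `attachment_headers` and `safe_filename` are assumed names; the `X-Content-Type-Options: nosniff` header is an addition beyond the report, there to stop browsers from sniffing a downloaded file back into a scriptable type.

```python
import re

# Allow list of media types a browser will render inline without executing
# script from the file body. SVG, HTML and XML are deliberately absent.
# (Illustrative set, not Confluence's actual configuration.)
INLINE_SAFE_TYPES = {"image/png", "image/jpeg", "image/gif", "text/plain"}


def normalize_type(content_type: str) -> str:
    """Drop parameters such as '; charset=utf-8' and lower-case the media type."""
    return content_type.split(";", 1)[0].strip().lower()


def safe_filename(name: str) -> str:
    """Keep only characters that cannot break out of the quoted header value."""
    return re.sub(r"[^A-Za-z0-9._-]", "_", name) or "attachment"


def attachment_headers(content_type: str, filename: str) -> dict:
    """Return the response headers for serving one stored attachment.

    The declared content type is treated as untrusted input (it came from the
    uploader). Only allow-listed types are served inline; everything else gets
    the neutral type and forced download the report recommends.
    """
    media_type = normalize_type(content_type)
    fname = safe_filename(filename)
    headers = {"X-Content-Type-Options": "nosniff"}
    if media_type in INLINE_SAFE_TYPES:
        headers["Content-Type"] = media_type
        headers["Content-Disposition"] = f'inline; filename="{fname}"'
    else:
        headers["Content-Type"] = "application/x-download"
        headers["Content-Disposition"] = f'attachment; filename="{fname}"'
    return headers
```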

Attachments

  1. PersistentXSS.PNG (61 kB)
  2. schema.svg (2 kB)

People

  Assignee: Unassigned
  Reporter: Dan Hodson