Uploaded image for project: 'Confluence Cloud'
  1. Confluence Cloud
  2. CONFCLOUD-54383

File Attachment persistent XSS

XMLWordPrintable

      There is a persistent XSS vulnerability in the attachment download functionality of Confluence. By uploading a malicious executable file type like SVG (scalable vector graphics with embedded JavaScript), it’s possible for an attacker to execute arbitrary code under the context of the logged in user.

      The following screenshot demonstrates this vulnerability being exploited:

      It's recommended the attachment handling code have a white list of known good mime-types that can be rendered inline. For everything else, the HTTP headers for content-type and content-disposition should be set to “application/x-download” and “attachment;" respectively.

        1. PersistentXSS.PNG
          61 kB
          Dan Hodson
        2. schema.svg
          2 kB
          Dan Hodson

              Unassigned Unassigned
              f4e9401f9900 Dan Hodson
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: