Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 2.7.3
Affects Version/s: 2.6.2, 2.7.2
Component/s: None
Labels:
- affects-server
- security

Bug Fix Policy:
View Atlassian Server bug fix policy

Description

The social bookmarking plugin is bundled in Confluence 2.7.x and Confluence 2.6.x. As such this vulnerability affects all 2.7.x and 2.6.x instances (even if you do not use the plugin or do not have the Add Bookmark Web Item enabled).

The updatebookmark.action URL is vulnerable on these parameters:

bookmarkPageId
redirect
labelsString

The JIRA issue created in the developer.atlassian.com project for this plugin can be found here: http://developer.atlassian.com/jira/browse/MARK-60.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

socialbookmarking-1.1.1.jar
61 kB
18/Mar/2008 4:41 AM
socialbookmarking-1.0.6-patched.jar
59 kB
18/Mar/2008 5:13 AM

Activity

People

Assignee:: dave (Inactive)

Reporter:: dave (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 18/Mar/2008 4:38 AM

Updated:: 11/Oct/2018 9:04 AM

Resolved:: 18/Mar/2008 4:41 AM