[CONFSERVER-14014] Word import with Office Connector can overwrite existing content without permission

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 2.10.1
Affects Version/s: 2.10
Component/s: None
Labels:
- affects-server
- editor
- office
- qa-manual
- security
Environment:

All versions of the Office Connector

Bug Fix Policy:
View Atlassian Server bug fix policy

It's possible under a specific set of circumstances that a user could perform actions they may otherwise be unauthorized to perform using the document import feature of the Office Connector. The specific actions would be editing or deleting a page they don't have permission to change.

Note that this bug doesn't expose content to unauthorized users.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

OfficeConnector-1.4.jar
21/Dec/2008 11:34 PM
7.92 MB
Andrew Lynch

mentioned in: Wiki Page Failed to load

Form Name

Andrew Lynch (Inactive) added a comment - 22/Dec/2008 5:58 AM

The newest version of the Office Connector plugin attached to this issue will resolve this security vulnerability.

Andrew Lynch (Inactive) added a comment - 22/Dec/2008 5:58 AM The newest version of the Office Connector plugin attached to this issue will resolve this security vulnerability.

Assignee:: RyanA

Reporter:: Anonymous

Affected customers:: 0 This affects my team

Watchers:: 0 Start watching this issue

Created:: 17/Dec/2008 4:34 AM

Updated:: 11/Oct/2018 8:43 AM

Resolved:: 23/Dec/2008 2:39 AM

Details

Description

Attachments

Attachments

Issue Links

Forms

Activity

Collapse comment: Andrew Lynch (Inactive) added a comment - 22/Dec/2008 5:58 AM

Expand comment: Andrew Lynch (Inactive) added a comment - 22/Dec/2008 5:58 AM

People

Dates