Confluence Data Center / CONFSERVER-16136

XSS vulnerability can be exploited on the WebDAV Configuration page

      Steps:

      1. Go to WebDAV Configuration
      2. Enter '<script>alert("XSS")</script>'
      3. Click on 'Add new regex' button

      The script will be executed. It will continue to be executed whenever a user clicks on the 'Save' button.

      This can be done by users in the confluence-admin group, so it could be used by them to gain access to sys-admin actions.
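The report above describes a stored XSS: the value an administrator types into the regex field is written back into the WebDAV Configuration page without output encoding, so a `<script>` tag saved as a "regex" runs on every subsequent render. The following Python is an added illustration, not Confluence or WebDAV plugin code; the template strings, function names and sample regex list are constructed stand-ins for the real Velocity template and stored settings. It contrasts the unencoded rendering with an HTML-escaped one, and adds the audit check a practitioner would want after patching: finding payloads that are already stored, since the fix only changes how values are displayed, not what was saved.

```python
import html
import re

# Constructed sample of regex entries an admin has saved on the WebDAV
# Configuration page. The last entry is the payload from the issue report.
STORED_REGEXES = [
    r"^\.DS_Store$",
    r"^Thumbs\.db$",
    '<script>alert("XSS")</script>',
]

# Matches an opening <script> tag that the browser would actually execute
# (an entity-encoded &lt;script&gt; does not match).
SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def render_vulnerable(regexes):
    """Hypothetical rendering with no output encoding (the defect).

    Each stored value is interpolated directly into the page, both as an
    attribute value and as visible text, so HTML inside a "regex" is live.
    """
    rows = "".join(
        f"<li><input name='regex' value='{r}'> {r}</li>" for r in regexes
    )
    return f"<ul id='webdav-regexes'>{rows}</ul>"


def render_fixed(regexes):
    """Same template, but every value is HTML-escaped before insertion.

    Escaping at render time is the correct fix: the stored regex is left
    untouched (a legitimate pattern may contain '<' or '&'), and the
    browser sees text instead of markup.
    """
    rows = "".join(
        f"<li><input name='regex' value='{html.escape(r, quote=True)}'> "
        f"{html.escape(r, quote=True)}</li>"
        for r in regexes
    )
    return f"<ul id='webdav-regexes'>{rows}</ul>"


def contains_live_script(page_html):
    """True if the rendered page carries an executable <script> tag."""
    return bool(SCRIPT_TAG.search(page_html))


def find_suspicious_regexes(regexes):
    """Post-patch audit: return stored entries that contain HTML markup.

    Upgrading stops the payload from rendering, but a script tag an admin
    saved earlier is still in the configuration until it is removed.
    """
    return [r for r in regexes if re.search(r"<\s*[a-zA-Z/]", r)]


if __name__ == "__main__":
    before = render_vulnerable(STORED_REGEXES)
    after = render_fixed(STORED_REGEXES)
    print("unencoded page executes script:", contains_live_script(before))
    print("escaped page executes script:  ", contains_live_script(after))
    print("stored entries to clean up:    ", find_suspicious_regexes(STORED_REGEXES))
```

Running the module prints `True` for the unencoded page and `False` for the escaped one, and lists the stored `<script>` entry for cleanup. Entries that are ordinary regexes render identically under both functions, which is the property to check when confirming the escaping fix did not alter displayed patterns.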


Per Fragemann [Atlassian] added a comment:

Oh, I set the wrong fix-for version accidentally. Back to 3.0.1

Giles Gaskell [Atlassian] added a comment (edited):

Fixing this vulnerability:

This issue also affects Confluence version 2.10.x installations where the WebDAV plugin version has been upgraded to 2.0.

Confluence 2.10.x users can resolve this issue by either upgrading to version 2.0.1 of the WebDAV plugin or by upgrading to Confluence 3.0.1.

Confluence 3.0 users can resolve this issue by either upgrading to version 2.3 of the WebDAV plugin or by upgrading to Confluence 3.0.1.

Anatoli added a comment:

Reviewed in crucible.

David Taylor (Inactive) added a comment:

Fixed on 3.0 stable, waiting for trunk thaw.

David Taylor (Inactive) added a comment:

Committed WebDAV fixes against http://developer.atlassian.com/jira/browse/WBDV-190. WebDAV 2.3 release is pending some issue reviews.

DavidA added a comment:

Related DACJ issue: http://developer.atlassian.com/jira/browse/WBDV-190

              dtaylor David Taylor (Inactive)
              mhrynczak Mark Hrynczak (Inactive)