• Type: Bug
• Resolution: Fixed
• Priority: Highest
• Fix Version/s: 3.1-beta2, 3.1
• Affects Version/s: 3.0.2
• Component/s: Editor - Attachment
• Labels:

  • affects-server
  • editor
  • files
  • macros-gallery-macro
  • qa-manual
  • xss

[CONFSERVER-17361] XSS vulnerability can be exploited using the Gallery macro

Collapse comment: Giles Gaskell [Atlassian] added a comment - 09/Dec/2009 12:43 AM

Giles Gaskell [Atlassian] added a comment - 09/Dec/2009 12:43 AM

Confluence Administrators — fixing this vulnerability:

Version 1.6.2.11 of Confluence's 'Advanced Macros' plugin contains this fix. (For more information, please refer to: https://plugins.atlassian.com/plugin/details/145).

Version 1.6.2.11 of this plugin is compatible with versions of Confluence back to 3.0.0. Hence, to fix this vulnerability, please upgrade the version of this plugin in your Confluence installation, to at least 1.6.2.11.

To do this, go the 'Atlassian Plugin Repository' in your Confluence Administration console area and upgrade the 'Advanced Macros' plugin to version 1.6.2.11 (or greater).

Expand comment: Giles Gaskell [Atlassian] added a comment - 09/Dec/2009 12:43 AM

Giles Gaskell [Atlassian] added a comment - 09/Dec/2009 12:43 AM Confluence Administrators — fixing this vulnerability: Version 1.6.2.11 of Confluence's 'Advanced Macros' plugin contains this fix. (For more information, please refer to: https://plugins.atlassian.com/plugin/details/145 ). Version 1.6.2.11 of this plugin is compatible with versions of Confluence back to 3.0.0. Hence, to fix this vulnerability, please upgrade the version of this plugin in your Confluence installation, to at least 1.6.2.11. To do this, go the 'Atlassian Plugin Repository' in your Confluence Administration console area and upgrade the 'Advanced Macros' plugin to version 1.6.2.11 (or greater).

Collapse comment: Anatoli added a comment - 12/Nov/2009 6:50 AM

Anatoli added a comment - 12/Nov/2009 6:50 AM

The version of the macro that is compatible with confluence 3.0.x is available here

Expand comment: Anatoli added a comment - 12/Nov/2009 6:50 AM

Anatoli added a comment - 12/Nov/2009 6:50 AM The version of the macro that is compatible with confluence 3.0.x is available here

Collapse comment: Anatoli added a comment - 12/Nov/2009 4:46 AM

Anatoli added a comment - 12/Nov/2009 4:46 AM

The new version of the advanced macros plugin that fixes this problem has been released and is now bundled with confluence 3.1. We will release the version of the plugin that is compatible with confluence 3.0.x.

Expand comment: Anatoli added a comment - 12/Nov/2009 4:46 AM

Anatoli added a comment - 12/Nov/2009 4:46 AM The new version of the advanced macros plugin that fixes this problem has been released and is now bundled with confluence 3.1. We will release the version of the plugin that is compatible with confluence 3.0.x.

Collapse comment: Anatoli added a comment - 10/Nov/2009 3:40 AM

Anatoli added a comment - 10/Nov/2009 3:40 AM

corresponding issue in the plugin's project: https://developer.atlassian.com/jira/browse/ADVMACROS-140

Expand comment: Anatoli added a comment - 10/Nov/2009 3:40 AM

Anatoli added a comment - 10/Nov/2009 3:40 AM corresponding issue in the plugin's project: https://developer.atlassian.com/jira/browse/ADVMACROS-140

Collapse comment: Per Fragemann [Atlassian] added a comment - 28/Oct/2009 6:52 AM

Per Fragemann [Atlassian] added a comment - 28/Oct/2009 6:52 AM

Mark, I hate it when you spoil my evening....

Expand comment: Per Fragemann [Atlassian] added a comment - 28/Oct/2009 6:52 AM

Per Fragemann [Atlassian] added a comment - 28/Oct/2009 6:52 AM Mark, I hate it when you spoil my evening....