-
Bug
-
Resolution: Fixed
-
Highest
-
2.7
-
None
We have identified and fixed a path traversal vulnerability in various Confluence actions. By exploiting a path traversal vulnerability, attackers can retrieve any file on the server that is running Confluence, based on the permissions of the user under which Confluence is running. Path traversal attacks are also called 'directory traversal' or dot-dot-slash (../) attacks.
You can read more about path traversal attacks at Open Web Application Security Project (OWASP) and other places on the web:
http://www.owasp.org/index.php/Path_Traversal
Please refer to the security advisory for details of the vulnerability, risk assessment and mitigation strategies:
http://confluence.atlassian.com/x/7ARODQ
[CONFSERVER-20668] Path traversal vulnerability in various Confluence actions
| Workflow | Original: JAC Bug Workflow v3 [ 2897103 ] | New: CONFSERVER Bug Workflow v4 [ 2990863 ] |
| Workflow | Original: JAC Bug Workflow v2 [ 2788717 ] | New: JAC Bug Workflow v3 [ 2897103 ] |
| Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
| Workflow | Original: JAC Bug Workflow [ 2720636 ] | New: JAC Bug Workflow v2 [ 2788717 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2384114 ] | New: JAC Bug Workflow [ 2720636 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 2278411 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2384114 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2220022 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 2278411 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2175224 ] | New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2220022 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 1939261 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2175224 ] |
| Workflow | Original: Confluence Workflow - Public Facing - Restricted v3 [ 1738038 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 1939261 ] |
| Workflow | Original: CONF Bug Subtask WF (TEMP) [ 1697105 ] | New: Confluence Workflow - Public Facing - Restricted v3 [ 1738038 ] |