- Bug
- Resolution: Fixed
- Highest
- 4.1.7
- None
- 4.3
LDAP directory users and groups exposed via the /users/userpicker.action.
There should be an option to restrict this to authenticated users only and perhaps this should be the default behavior.
The second exposed function that is part of this vulnerability is /spaces/opengrouppicker.action which can be accessed by anonymous users for internal directory browsing.
- is related to
- CONFSERVER-25322 The vulnerability exists in the standalone and also in the online demonstration environment.
- Closed
[CONFSERVER-25350] '/users/userpicker.action' exposes users loginids and full names in instance with anonymous access enabled
Workflow | Original: JAC Bug Workflow v3 [ 2896974 ] | New: CONFSERVER Bug Workflow v4 [ 2990430 ] |
Workflow | Original: JAC Bug Workflow v2 [ 2788601 ] | New: JAC Bug Workflow v3 [ 2896974 ] |
Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
Workflow | Original: JAC Bug Workflow [ 2728258 ] | New: JAC Bug Workflow v2 [ 2788601 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2393271 ] | New: JAC Bug Workflow [ 2728258 ] |
Labels | Original: affects-server bugfix cvss-medium loyalty security | New: affects-server cvss-medium loyalty security |
Labels | Original: affects-server bugfix cvss-medium security | New: affects-server bugfix cvss-medium loyalty security |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 2288802 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2393271 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2227437 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 2288802 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2183021 ] | New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2227437 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 1951290 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2183021 ] |