Details
- Bug
- Resolution: Fixed
- Medium
- 4.1, 4.2, 4.3, 5.0-OD-25
- None
- 4.3
Description
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.
Summary of The Bug
By browsing to the following URL path, a user would be able to download any files under <Conf_Install_Dir>/confluence/WEB-INF/...
<Server Base URL>/s/1519/3/1.0/_/WEB-INF/...
The above URL will be accessible by any user, including anonymous users, even on an instance that does not allow anonymous access.
Notes
This issue is not reproducible in IE9 (IE8 leads to the same issue)
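Added example (not part of the original report and not Atlassian code): a Python log check that flags requests using the `/s/.../_/WEB-INF/` path form from the summary and separates those the server actually answered with content. The Combined Log Format, the sample lines, the file names in them and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Client IP, request line and status from a Common/Combined Log Format entry (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Static-resource prefix /s/<segments>/_/ followed by WEB-INF, as in the report.
# Deliberately case-insensitive so the check errs on the side of flagging.
EXPOSED_RE = re.compile(r'/s/(?:[^/]+/)*?_/+WEB-INF(?:/|$)', re.IGNORECASE)


def normalise(target):
    """Return the percent-decoded path of a request target, without the query string."""
    path = target.split("?", 1)[0]
    for _ in range(3):  # bounded repeat so double-encoded segments are decoded too
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def scan(lines):
    """Return (ip, path, status, outcome) for each request that hits the exposed path form."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log entry
        path = normalise(m["target"])
        if EXPOSED_RE.search(path):
            outcome = "served" if m["status"].startswith("2") else "not-served"
            findings.append((m["ip"], path, int(m["status"]), outcome))
    return findings


# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2013:10:01:02 +0000] "GET /s/1519/3/1.0/_/WEB-INF/example.xml HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Mar/2013:10:01:05 +0000] "GET /s/1519/3/1.0/_/%57EB-INF/classes/example.properties HTTP/1.1" 404 0',
    '198.51.100.4 - - [12/Mar/2013:10:02:00 +0000] "GET /s/1519/3/1.0/_/images/logo.png HTTP/1.1" 200 900',
    '198.51.100.9 - - [12/Mar/2013:10:03:00 +0000] "GET /confluence/s/en/2166/1/_/web-inf/example.xml?x=1 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Entries reported as `served` are the ones to review first, since a 2xx response means file content left the server.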
Issue Links
- relates to
  - CONFCLOUD-27693 Default application configuration files are available for download (Closed)
  - CONFSERVER-26888 Arbitrary resource file download in urlrewrite.xml (Closed)
  - PLUGWEB-24
  - BDEV-2267
- was cloned as
  - JRASERVER-31187 Default application configuration files are available for download (Closed)
  - CONFSERVER-30820 Default application configuration files are available for download (Closed)