Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-30792

Incorrect error message in session/check REST resource

    XMLWordPrintable

Details

    Description

      To reproduce, request:

      /rest/prototype/1/session/check/notmycurrentusername

      The response is:

      Expected user >{}< but was >{}<

      The format string at plugins/rest/resources/UserSession.java, line 101, is incorrect, resulting in this output. This issue has no security implications, but care should be taken to not introduce an XSS while fixing this, as it is currently served as text/html.

      Attachments

        Issue Links

          is incorporated by

          Bug - A problem which impairs or prevents the functions of the product. CONFSERVER-39689 Rest API XSS

          • Medium - Medium priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              djohnson@atlassian.com Dougall Johnson
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: