Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 5.4.2
Affects Version/s: 5.2.3
Component/s: None
Labels:
- NCC
- affects-server
- cvss-medium
- invite
- loyalty
- security
Environment:

Confluence version 5.2.3 (standalone)
Running on Ubuntu Server 12.04.

CVSS Score:
4
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

The REST API which manages user invites ensures that only adminstrators can generate a new invite token. However, no similar access controls are present on the methods which are used to invite new users, or to revert to the previous security token – these can be successfully called by any authenticated user.

This could allow malicious Confluence users to control the security token which is in use (for example, if an administrator discovered that a token had been compromised and generated a new one, the attacker could use the method described below to revert to the previous one) or to invite new users to sign up to Confluence. The malicious user could also obtain the current token by requesting that an invite be sent to themselves.

Attachments

Issue Links

mentioned in: Page Loading...; Wiki Page Loading...

Activity

People

Assignee:: Issac Gerges (Inactive)

Reporter:: Richard Turnbull

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 20/Sep/2013 5:06 PM

Updated:: 11/Oct/2018 9:09 AM

Resolved:: 11/Dec/2013 2:32 AM