Details
- Bug
- Resolution: Fixed
- Low
- 5.2.3
- None
- Confluence version 5.2.3 (standalone), running on Ubuntu Server 12.04.
- 4
Description
The REST API which manages user invites ensures that only administrators can generate a new invite token. However, no equivalent access control is present on the methods used to invite new users or to revert to the previous security token: these can be successfully called by any authenticated user.
This could allow malicious Confluence users to control the security token in use (for example, if an administrator discovered that a token had been compromised and generated a new one, the attacker could use the method described below to revert to the previous one) or to invite new users to sign up to Confluence. The malicious user could also obtain the current token by requesting that an invite be sent to themselves.
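The flaw is an authorization check applied to one method of a resource but not to its siblings. The following added example (not Confluence code; all names are hypothetical) models that shape, shows the hardened form where the same guard is applied to every method that touches the token, and includes a small audit helper that lists unguarded public methods, which is the regression check a reviewer would want:

```python
import functools
import inspect
import secrets
from dataclasses import dataclass, field
from typing import Optional


class Forbidden(Exception):
    """Raised when a non-administrator calls an admin-only method."""


@dataclass
class User:
    name: str
    is_admin: bool = False


def require_admin(handler):
    """Per-method authorization guard; the reported bug was omitting it."""
    @functools.wraps(handler)
    def wrapper(self, caller, *args, **kwargs):
        if not caller.is_admin:
            raise Forbidden(f"{caller.name} is not an administrator")
        return handler(self, caller, *args, **kwargs)
    wrapper._admin_guarded = True  # marker used by the audit below
    return wrapper


@dataclass
class InviteService:
    token: str = field(default_factory=lambda: secrets.token_hex(8))
    previous_token: Optional[str] = None
    sent: list = field(default_factory=list)  # (email, token) pairs "mailed"

    @require_admin
    def generate_token(self, caller):
        self.previous_token, self.token = self.token, secrets.token_hex(8)
        return self.token

    # Vulnerable shape: no guard, so any authenticated user may call these.
    def revert_token_unchecked(self, caller):
        if self.previous_token is not None:
            self.token, self.previous_token = self.previous_token, None
        return self.token

    def invite_unchecked(self, caller, email):
        self.sent.append((email, self.token))  # token reaches the recipient
        return self.token

    # Hardened shape: the same guard on every method that exposes the token.
    revert_token = require_admin(revert_token_unchecked)
    invite = require_admin(invite_unchecked)


def unguarded_methods(cls):
    """Public methods of cls that lack the require_admin marker."""
    return sorted(name for name, fn in vars(cls).items()
                  if inspect.isfunction(fn) and not name.startswith("_")
                  and not getattr(fn, "_admin_guarded", False))
```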