Details
-
Bug
-
Resolution: Fixed
-
Low
-
4.2.13, 5.2, 5.2.3
-
Confluence version 5.2.3 (standalone) on Ubuntu
-
4
-
Description
The doconfiguretheme action allows for configuration of the Documentation theme for Confluence. This action is defined in two namespaces, one of which is accessible by any user of Confluence (including anonymous users, if anonymous use of Confluence is allowed). If this action is executed with no space specified, it is applied to all spaces that have not already configured the Documentation theme without any access checks.
The doconfiguretheme action can be accessed by a user using the form at:
/spaces/doctheme/configuretheme.action?key=spacekey
If the "key" parameter is removed, the submitted form will demonstrate the vulnerability.