Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 5.4.1, 5.4-OD-4
Affects Version/s: 4.2.13, 5.2, 5.2.3
Component/s: Themes / Theming
Labels:
Environment:

Confluence version 5.2.3 (standalone) on Ubuntu

CVSS Score:
4
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

The doconfiguretheme action allows for configuration of the Documentation theme for Confluence. This action is defined in two namespaces, one of which is accessible by any user of Confluence (including anonymous users, if anonymous use of Confluence is allowed). If this action is executed with no space specified, it is applied to all spaces that have not already configured the Documentation theme without any access checks.

The doconfiguretheme action can be accessed by a user using the form at:

/spaces/doctheme/configuretheme.action?key=spacekey

If the "key" parameter is removed, the submitted form will demonstrate the vulnerability.

Attachments

Issue Links

mentioned in: Page Loading...; Wiki Page Loading...

Activity

People

Assignee:: PatrickA

Reporter:: Phillip Langlois

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 01/Oct/2013 11:07 AM

Updated:: 11/Oct/2018 8:37 AM

Resolved:: 27/Nov/2013 4:51 AM