  1. Confluence Data Center
  2. CONFSERVER-32955

JSON-RPC API allows anonymous content rendering

Details

    Description

      The renderContent method can be used by anonymous users, leaking information, and allowing macro execution.

      Should the entire JSON-RPC be inaccessible to anonymous users if anonymous users can't use Confluence?


            People

              vvo Vu Truong Vo (Inactive)
              djohnson@atlassian.com Dougall Johnson