JSON-RPC API allows anonymous content rendering

XMLWordPrintable

    • 5

      The renderContent method can be used by anonymous users, leaking information, and allowing macro execution.

      Should the entire JSON-RPC be inaccessible to anonymous users if anonymous users can't use confluence?

              Assignee:
              Vu Truong Vo (Inactive)
              Reporter:
              Dougall Johnson
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: