-
Bug
-
Resolution: Fixed
-
Medium
-
5.4.3
-
5
-
The renderContent method can be used by anonymous users, leaking information, and allowing macro execution.
Should the entire JSON-RPC be inaccessible to anonymous users if anonymous users can't use confluence?
Form Name |
---|
[CONFSERVER-32955] JSON-RPC API allows anonymous content rendering
Workflow | Original: JAC Bug Workflow v3 [ 2884290 ] | New: CONFSERVER Bug Workflow v4 [ 2979254 ] |
Workflow | Original: JAC Bug Workflow v2 [ 2787784 ] | New: JAC Bug Workflow v3 [ 2884290 ] |
Status | Original: Resolved [ 5 ] | New: Closed [ 6 ] |
Workflow | Original: JAC Bug Workflow [ 2736030 ] | New: JAC Bug Workflow v2 [ 2787784 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2389703 ] | New: JAC Bug Workflow [ 2736030 ] |
Labels | Original: affects-server bugfix cvss-medium loyalty rest-api security | New: affects-server cvss-medium loyalty rest-api security |
Labels | Original: affects-server bugfix cvss-medium rest-api security | New: affects-server bugfix cvss-medium loyalty rest-api security |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 2286177 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2389703 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2225883 ] | New: Confluence Workflow - Public Facing - Restricted v5 [ 2286177 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2180249 ] | New: Confluence Workflow - Public Facing - Restricted v5.1 - TEMP [ 2225883 ] |
Workflow | Original: Confluence Workflow - Public Facing - Restricted v5 [ 1946993 ] | New: Confluence Workflow - Public Facing - Restricted v5 - TEMP [ 2180249 ] |