Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 5.5.1
Affects Version/s: 5.4.3
Component/s: Core - Content REST APIs
Labels:

CVSS Score:
5

The renderContent method can be used by anonymous users, leaking information, and allowing macro execution.

Should the entire JSON-RPC be inaccessible to anonymous users if anonymous users can't use confluence?

relates to

CONFCLOUD-54452 JSON-RPC API functions available anonymously even though anonymous API access is disabled.

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(1 mentioned in)

Assignee:: Vu Truong Vo (Inactive)
Reporter:: Dougall Johnson
Votes:: 1 Vote for this issue
Watchers:: 5 Start watching this issue

Created:: 17/Mar/2014 2:18 AM
Updated:: 11/Oct/2018 8:48 AM
Resolved:: 28/Apr/2014 3:32 AM