The Confluence drafts diff REST resource made the current content of all blogs and pages in Confluence available without authentication to anyone providing a page id or draft id. Attackers who can access the Confluence web interface of a vulnerable version can use this vulnerability to obtain the content of all blogs and pages inside Confluence, provided that they first enumerate page or draft ids.
Affected versions:
- All versions of Confluence starting with 6.0.0 before version 6.0.7 are affected by this vulnerability.
Fix:
- Confluence 6.1.1 is available for download from https://www.atlassian.com/software/confluence/download.
- Confluence 6.1.0 is available for download from https://www.atlassian.com/software/confluence/download-archives.
- Confluence 6.0.7 is available for download from https://www.atlassian.com/software/confluence/download-archives.
Risk Mitigation:
If you are unable to upgrade right now, this issue can be mitigated in vulnerable versions of Confluence by disabling Collaborative editing as per the following instructions.
- Go to > General Configuration > Collaborative editing.
- Change the collaborative editing mode to Off. Be aware that shared drafts will be lost when you switch to this mode, so make sure your users have published any work they want to keep before you make the change.
- Refresh the page and check that the Collaborative editing mode has changed to "OFF".
Acknowledgements
We would like to credit Yuvanesh for reporting this issue to us.
For additional details see the full advisory.
anton.litovtsenko, this issue is not related to that resource. It is related to a resource under /rest/tinymce/.
You may be able to detect unauthenticated users attempting to exploit this issue by looking for a large number of access requests to a URL under /rest/tinymce/ with different numbers in the URL access path.
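The detection idea in the comment above, as an added example (not Atlassian's code and not part of the original advisory): it groups anonymous requests under /rest/tinymce/ by client address and reports clients that requested many different numeric ids. The combined-style log layout with `-` marking an anonymous user, the threshold, the `PLACEHOLDER` path segment and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed layout: ip ident user [time] "METHOD path PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
MARKER = "/rest/tinymce/"


def find_id_enumeration(lines, min_distinct_ids=5):
    """Return {client_ip: sorted distinct numeric ids} for anonymous clients
    that requested at least min_distinct_ids different numeric path
    segments under /rest/tinymce/."""
    ids_by_ip = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("user") != "-":
            continue  # unparsable line, or an authenticated request
        path = m.group("path").split("?", 1)[0]
        idx = path.find(MARKER)  # find() tolerates a context path prefix
        if idx == -1:
            continue
        for segment in path[idx + len(MARKER):].split("/"):
            if segment.isascii() and segment.isdigit():
                ids_by_ip[m.group("ip")].add(int(segment))
    return {ip: sorted(ids) for ip, ids in ids_by_ip.items()
            if len(ids) >= min_distinct_ids}


# Constructed sample log: one anonymous client walking ids, one logged-in
# user, and one anonymous client with a single request.
SAMPLE_LOG = [
    f'203.0.113.7 - - [01/Jan/2024:10:00:{i:02d} +0000] '
    f'"GET /rest/tinymce/PLACEHOLDER/{1000 + i} HTTP/1.1" 200 512'
    for i in range(8)
] + [
    '198.51.100.4 - alice [01/Jan/2024:10:01:00 +0000] '
    '"GET /rest/tinymce/PLACEHOLDER/1003 HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:02:00 +0000] '
    '"GET /confluence/rest/tinymce/PLACEHOLDER/1003 HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:02:05 +0000] '
    '"GET /pages/viewpage.action?pageId=1004 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, ids in find_id_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {len(ids)} distinct ids under {MARKER} ({ids[0]}..{ids[-1]})")
```

Tune `min_distinct_ids` to the normal editing traffic of the instance, and adjust `LINE_RE` to the access log format actually configured on the server or reverse proxy.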