- Bug
- Resolution: Fixed
- Low
- 7.4.0, 7.13.0, 7.15.0
- 40
- Severity 3 - Minor
- 64
NOTE: This suggestion is for Confluence Server.
Problem Definition
The Confluence error page typically displays "Oops - an error has occurred", followed by the system error, the cause, and then the stack trace for that error. This is not desirable for all instances, as it could be a security risk or add unnecessary complexity for normal users.
As noted in Open Web Application Security's Improper Error Handling suggestions:
Improper handling of errors can introduce a variety of security problems for a web site. The most common problem is when detailed internal error messages such as stack traces, database dumps, and error codes are displayed to the user (hacker). These messages reveal implementation details that should never be revealed. Such details can provide hackers important clues on potential flaws in the site and such messages are also disturbing to normal users.
Suggested Solution
Give admins the possibility to edit the Confluence error page so that it does not show the stack trace (or displays a custom message) and just informs the user that an error has happened and that he/she needs to get assistance from the admin.
- is cloned from: JRASERVER-40711 Add the possibility to edit Jira error pages (Gathering Interest)
- is related to: CONFSERVER-83396 Confluence System error page is displaying environment details. (Closed)
- relates to: CONFSERVER-63616 Adding an extra forward slash '/' in the download attachment URL results in a stack trace. (Closed)
- links to