Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 7.19.5, 8.1.0, 7.13.13
Affects Version/s: 7.13.0
Component/s: Security
Labels:
- 2af
- devhelp
- panther
- resolved-in-vf
- security
- security-imported

Support reference count:
1
Symptom Severity:
Severity 3 - Minor
UIS:
0
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Summary

On Confluence server 6.12.2 requesting wrong REST URL /rest/cql/contenttypes?category=test we will see full stack-trace.

The same we can see at https://confluence.atlassian.com/rest/cql/contenttypes?category=test

On production, a regular user should not see the stack-trace when an error happens.

Steps to Reproduce

Go to an incorrect REST URL

Expected Results

An error message without stack-trace

Actual Results

An error message with stack-trace

<status>
<status-code>500</status-code>
<message>Unrecognised type category : test</message>
<stack-trace>
com.atlassian.confluence.api.service.exceptions.BadRequestException: Unrecognised type category : test at com.atlassian.confluence.plugins.cql.rest.CQLMetaDataResource.contentTypes(CQLMetaDataResource.java:73) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498)
...

Attachments

Issue Links

follows: VULN-905089 Loading...

links to

Original (master branch) ticket on AsecJ > VULN

relates to: DEVHELP-1962 Loading...

Activity

People

Assignee:: Anoop Singh

Reporter:: Gatis Tomsons

Votes:: 2 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Due:: 30/Nov/2022

Created:: 20/Dec/2018 1:10 AM

Updated:: 23/Feb/2023 11:41 PM

Resolved:: 15/Feb/2023 4:54 AM