-
Bug
-
Resolution: Fixed
-
Low
-
6.13.15, 7.4.4, 7.8.1
-
0
-
4
-
Severity 2 - Major
-
5
-
Problem Definition
The Backup & Restore administration page takes care of both Space Import and Site Restore on the same location.
The only straight differentiator to a site export and a space export is the name of the file, which can be changed while moving it from one place to another.
If, by mistake, the administrator uploads a site export file meaning to perform a space import, there will be no following warning and confirmation before the operations kicks-in and start to delete content from the database.
Suggested Solution
There could be 2 actions to a better solution on the UI:
- Keep both actions separated so there's no mistake on what type of operation the administrator is doing.
- When identifying this is a full site import, provide a warning and a confirmation on the UI before deleting content from the database.
Workaround
Validate the import on a lower environment before importing any content in a production instance.
As a Confluence administrator you may also inspect the export files for the following patterns:
- Space export.
- If not modified, the file name will be similar to Confluence-space-export-142829-4.xml.zip.
- Within the export .zip look for the contents of the exportDescriptor.properties file, which should indicate it's a Space export.
$ unzip -p Confluence-space-export-142829-4.xml.zip exportDescriptor.properties | grep ^exportType exportType=space
- Full site export.
- If not modified, the file name will be similar to xmlexport-20220630-142847-5.zip.
- Within the export .zip look for the contents of the exportDescriptor.properties file, which should indicate it's a full site export.
$ unzip -p xmlexport-20220630-142847-5.zip exportDescriptor.properties | grep ^exportType exportType=all
- was cloned as
-
CONFCLOUD-70695 As a Confluence administrator I would like to get a confirmation before starting a full site import/restore
- Gathering Interest
- is cloned by
-
CONFDEVSRV-1056 You do not have permission to view this issue
- is related to
-
PS-101110 You do not have permission to view this issue
- links to
- mentioned in
-
Page Failed to load
-
Page Loading...
-
-
-
-
-
-
-
-
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
[CONFSERVER-59730] As a Confluence administrator I would like to get a confirmation before starting a full site import/restore
Yes ... extremely easy to overwrite your existing instance with an export. It just happened in our environment. We received a "space" export from an internal customer that was actually a full site backup. We confirmed with customer that it was only a space export, but obviously they did not understand the difference. Thankfully, we run all imports through our dev/test environment. However, we are constantly performing migrations into our environment, and the potential risk for restoring over our instance is there.
Ok guys, till now, this was a suggestion.
I just tested a bad guy scenario and this is serious security flaw.
Steps to reproduce:
- Sign-up for free Confluence Cloud site
- Do site export
- Keep original name, it doesn't matter, because both site and space exports are "confluence-export.zip"
- Sent it to your target with message like "Hi, lets do a business, please see our architecture proposal in attached Confluence space".
What will happen?
Receiver will ask the admin to import the space.
Admin will import the space.
Confluence is gone.
Attack successful.
¯_(ツ)_/¯
Exactly - and i have done it twice now - once in prod and once in staging
This problem seems like an easy way to accidentally delete all the data in a Confluence instance! The lack of checking is very dangerous
Hi All,
This issue was fixed as part of the improvement to our backup/restore system released in Confluence 8.3.0. Admins now have to select whether they are restoring a site or space, and acknowledge a warning message before the restore job starts. As such, we're closing this ticket as fixed.
Thanks,
Jacqueline Bietz
Product Manager, Confluence Data Center