- Type: Bug
- Resolution: Obsolete
- Priority: Low
- Affects Version/s: 7.4.0
- Component/s: Security
- Severity 3 - Minor
Issue Summary
While performing a file upload vulnerability test in the Confluence application, we are able to identify sensitive path disclosure in the following cases:
• When we attached a malicious file and tried to download all attachments.
• When we uploaded a malicious file and tried to export as a Word file.
Expected Results
A generic error message that does not reveal any sensitive information is displayed, and the internal file path information is removed from the application.
Actual Results
Sensitive information, including the path, is visible in the stack trace.
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available.