Details
-
Bug
-
Resolution: Unresolved
-
Medium
-
None
-
2.10
-
3
-
Severity 2 - Major
-
1
-
Description
At present, if a Confluence space admin allows Anonymous to remove attachments, web spiders can crawl and execute the removeattachment action.
Attachments
Issue Links
- incorporates
-
CONFSERVER-14147 'Disable plugin' should be POST, not GET
- Closed
- is duplicated by
-
CONFSERVER-11856 Remove attachment action submitted via GET rather than POST
- Closed
-
CONFSERVER-14924 Attachments can be deleted via GET requests
- Closed
-
CONFSERVER-21141 wget deletes attachments
- Closed
- is related to
-
CONFSERVER-11144 Attachments deleted due to google crawled and no 'nofollow' link
- Closed
-
CONFSERVER-13671 Unable to delete attachments with German Umlaut like Ü, Ä or Ö in the filename
- Closed
-
CONFSERVER-13945 History version comparison should never be a POST
- Closed
- relates to
-
CONFSERVER-14024 Deleting Attachment via "Open in New Tab" differs when clicking on the link
- Closed