Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-9194

404 page can leak information when global anonymous access is disabled

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Fix
    • Medium
    • None
    • 2.4, 2.5
    • None

    Description

      When global "use confluence" is not enabled for anonymous users and an anonymous user tries to visit a URL that does not exist, the 404 page will still list all spaces which have individual anonymous access enabled. Confluence should not leak this information when global anonymous access is denied.

      In this scenario we should simply display a generic 404 page not found with a link to the login page.

      Attachments

        Issue Links

          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. CONFSERVER-9283 404 Action doesn't get User Information

          • Medium - Medium priority issues
          • Closed
          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. CONFSERVER-6748 All users can see spaces which have anonymous access enabled, even when anonymous access is not globally enabled.

          • Low - Low priority issues
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. CONFSERVER-9688 Space names made visible to a non-authorised user upon entering a wrong URL

          • Low - Low priority issues
          • Closed

          Activity

            People

              Unassigned Unassigned
              christopher.owen@atlassian.com Christopher Owen [Atlassian]
              Votes:
              2 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: