Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-9727

Security Issue: Access to wiki pages, although anonymous access is disabled

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Medium
    • Resolution: Duplicate
    • Affects Version/s: 2.5.4
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Environment:

      Description

      While testing the Confluence Wiki, we disabled the anonymous access to the Wiki.

      Nevertheless, access to several Wiki pages is still possible while not being logged in (=anonymous access).

      To reproduce the error, use the latest standalone where anonymous access is disabled by default. Then use any of the links below, e.g.

      http://<confluence based url>/dwr/index.html
      http://<confluence based url>/labels-javascript
      http://<confluence based url>/download
      http://<confluence based url>/rpc/xmlrpc
      http://<confluence based url>/rpc/soap-axis/confluenceservice-v1?wsdl
      http://<confluence based url>/setup/setupadministrator.vm

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              vchang Vincent Chang
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: