Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How really private is Confluence? Suspicious access.

Patrick Joalland
Patrick Joalland
Contributor
March 6, 2022

I found out today that a person named Neha Ghuraiya has Admin rights on one of my Confluence Space.

Find attached a screenshot of the space permissions.

Screenshot 2022-03-06 at 08-11-08 View Space Permissions - Administration - Confluence.png

I do not know this person. After a quick search, it seems to be an Atlassian engineer (her LinkedIn profil here).

I am seriously worried that anyone from Atlassian could get into my Confluence content, showing at serious lake of respect of privacy.

It is not the first time I see this. Few weeks ago I saw the same thing in another of my Confluence Space. At that time I just fixed the permissions, and took no screenshot neither did I report it. But I think this was the same person.

I did not yet go through all my Confluence Spaces to see if other Spaces are "infected". I only checked few.

This bring me to a serious question: how private is the content of Confluence?...

Comment
Watch
Like # people like this
1052 views

2 comments

Comment

Log in or Sign up to comment
Andy Gladstone
Andy Gladstone
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
March 6, 2022

@Patrick Joalland are you sure that none of the other admins on the site have not recently opened support requests with Atlassian that would require an Atlassian engineer to gain access to your site? It is a common request from Atlassian when opening a support request to be granted access to the site/instance so they can troubleshoot.

Like
Reply
Patrick Joalland
Patrick Joalland
Contributor
March 6, 2022

Hi Andy,

Thank you for the suggestion.

But I am the only administrator of this Confluence instance. If I had given access to a IT support person, I would remember and would have removed it straight after. I do not have any logs of such a request...

And if someone did asked access for a support, how come that the permission has not been removed when support has been closed...?

Like
Patrick Joalland
Patrick Joalland
Contributor
March 6, 2022

Ok, I went through my support tickets, you are right Andy. My fault I did not check previously. Neha worked on a support request. Access was granted. Support then said at the end of the support that the access has been removed. Obviously not...

So, the issue is that permission were not removed by Atlassian at the end of the support.

Like Andy Gladstone likes this
Neha Ghuraiya
Neha Ghuraiya
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 24, 2022

Hi @Patrick Joalland 

I worked on this support Ticket where you were not able to view your space, hence I recovered the permissions to check if you are added to space permissions or not.

when any admin recovers space permission the user will be added to the individual user permission and to revoke permission, an admin needs to remove the user manually from space.

Unfortunately, after suggesting the resolution I missed removing the user from your space but as we have revoked the user permission from your site we do not have any access to your space, as you can see "Neha" is an unlicensed user. 

As per the screenshot you have space admin permission so you should be able to remove this unlicensed user from your space.

I apologize for the inconvenience it has caused. Please let me know if you have any concerns.

Like # people like this
Patrick Joalland
Patrick Joalland
Contributor
August 30, 2022

Hi @Neha Ghuraiya ,

Thank you for your answer. You are right, it was just about a user left after you helped me.

Everything is fine, thank you for the details of your answer.

Like Andy Gladstone likes this
Steve Abrahall
Steve Abrahall March 29, 2022

Just like to say to everyone involved in this (as it is sensitive topic, and security is so darn  important in this day and age) that this conversation was open, constructive and although a sticky topic  - people owned their actions and admitted there mistakes and did the right thing. 

Good quality communication is so important! Hmmm reading this has made my day better!

Again thanks to all involved.

Steve

Like Andy Gladstone likes this
Reply
groups-icon
Confluence Cloud Admins
TAGS
AUG Leaders

Atlassian Community Events

    See all events