Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,467,219
Community Members
 
Community Events
177
Community Groups

How really private is Confluence? Suspicious access.

I found out today that a person named Neha Ghuraiya has Admin rights on one of my Confluence Space.

Find attached a screenshot of the space permissions.

Screenshot 2022-03-06 at 08-11-08 View Space Permissions - Administration - Confluence.png

I do not know this person. After a quick search, it seems to be an Atlassian engineer (her LinkedIn profil here).

I am seriously worried that anyone from Atlassian could get into my Confluence content, showing at serious lake of respect of privacy.

It is not the first time I see this. Few weeks ago I saw the same thing in another of my Confluence Space. At that time I just fixed the permissions, and took no screenshot neither did I report it. But I think this was the same person.

I did not yet go through all my Confluence Spaces to see if other Spaces are "infected". I only checked few.

This bring me to a serious question: how private is the content of Confluence?...

2 comments

Andy Gladstone Community Leader Mar 06, 2022

@Patrick Joalland are you sure that none of the other admins on the site have not recently opened support requests with Atlassian that would require an Atlassian engineer to gain access to your site? It is a common request from Atlassian when opening a support request to be granted access to the site/instance so they can troubleshoot.

Hi Andy,

Thank you for the suggestion.

But I am the only administrator of this Confluence instance. If I had given access to a IT support person, I would remember and would have removed it straight after. I do not have any logs of such a request...

And if someone did asked access for a support, how come that the permission has not been removed when support has been closed...?

Ok, I went through my support tickets, you are right Andy. My fault I did not check previously. Neha worked on a support request. Access was granted. Support then said at the end of the support that the access has been removed. Obviously not...

So, the issue is that permission were not removed by Atlassian at the end of the support.

Like Andy Gladstone likes this

Hi @Patrick Joalland 

I worked on this support Ticket where you were not able to view your space, hence I recovered the permissions to check if you are added to space permissions or not.

when any admin recovers space permission the user will be added to the individual user permission and to revoke permission, an admin needs to remove the user manually from space.

Unfortunately, after suggesting the resolution I missed removing the user from your space but as we have revoked the user permission from your site we do not have any access to your space, as you can see "Neha" is an unlicensed user. 

As per the screenshot you have space admin permission so you should be able to remove this unlicensed user from your space.

I apologize for the inconvenience it has caused. Please let me know if you have any concerns.

Like # people like this

Hi @Neha Ghuraiya ,

Thank you for your answer. You are right, it was just about a user left after you helped me.

Everything is fine, thank you for the details of your answer.

Like Andy Gladstone likes this

Just like to say to everyone involved in this (as it is sensitive topic, and security is so darn  important in this day and age) that this conversation was open, constructive and although a sticky topic  - people owned their actions and admitted there mistakes and did the right thing. 

Good quality communication is so important! Hmmm reading this has made my day better!

Again thanks to all involved.

Steve

Like Andy Gladstone likes this

Comment

Log in or Sign up to comment
TAGS

Atlassian Community Events