A user was created and the system gave him access to all confluence sites

WEB ADMIN IATAI January 27, 2025

 

A user was created and the system gave him access to all the Confluence sites. The user was created as a normal user, but we observed that there is a security flaw in Confluence since it gave access to all the sites to a user without being an admin.

1 answer

0 votes
Shawn Doyle - ReleaseTEAM
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
January 27, 2025

Hi @WEB ADMIN IATAI 

Pics or it didn't happen :)

I would look at what default groups your site is adding to new users and what groups are allowed access to each space.  It's likely you have a default user group that has access to all spaces.

WEB ADMIN IATAI January 27, 2025

The user was created without access to sites, we went to validate the next day and we see that it is allowed on all sites

it was not included in any group

Shawn Doyle - ReleaseTEAM
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
January 27, 2025

Are you sure they are not in any groups?

A group membership is required for product access, so if they can access all spaces they are in a group.

https://support.atlassian.com/user-management/docs/default-groups-and-permissions/

 

WEB ADMIN IATAI January 27, 2025

Yes, I'm sure

 

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events