This advisory's description says, "We have identified and fixed a vulnerability in Confluence which allowed unauthenticated users to commit actions on behalf of any other authorised user. In order to exploit this vulnerability, an attacker requires access to Confluence web interface."
If unauthorized users can access only the login page, signup is disabled, and the Confluence instance is not integrated with any other Atlassian products, is there any risk?
https://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2014-02-26
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.