Feb. 26 2014 Confluence security advisory

Robert Lauriston
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 25, 2014

This advisory's description says, "We have identified and fixed a vulnerability in Confluence which allowed unauthenticated users to commit actions on behalf of any other authorised user. In order to exploit this vulnerability, an attacker requires access to Confluence web interface."

If unauthorized users can access only the login page, signup is disabled, and the Confluence instance is not integrated with any other Atlassian products, is there any risk?

https://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2014-02-26

1 answer

0 votes
VitalyA February 26, 2014

The configuration you have described is still vulnerable.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events