Confluence 2.8 : Confluence Security Advisory 2007-08-08
This page last changed on Aug 07, 2007 by smaddox.
In this advisory:
- Input in the RSS Feed Builder is not validated
- Input when editing Space Permissions is not validated
- Number of labels that can be added to a page is not restricted
- Input when editing navigation themes is not validated
- Viewing of space content alphabetically is not validated
- Input when editing Space Name is not validated
- Input when viewing attachments by file-type is not validated
Input in the RSS Feed Builder is not validated

Vulnerability
The input for the RSS Feed Builder is not escaped before it is rendered. This can make a Confluence instance vulnerable to an XSS attack.

Fix
This issue has been fixed in Confluence 2.5.6. For more information, please see CONF-8993. Atlassian recommends that you upgrade to Confluence 2.5.6.

Input when editing Space Permissions is not validated

Vulnerability
The 'Grant permission to' field on the 'Edit Space Permissions' screen is not validated. This can make a Confluence instance vulnerable to an XSS or DoS attack.

Fix
This issue has been fixed in Confluence 2.5.6. For more information, please see CONF-8980 and CONF-8979. Atlassian recommends that you upgrade to Confluence 2.5.6.

Number of labels that can be added to a page is not restricted

Vulnerability
There is no restriction on the number of labels that can be added to a page in a single request. This can make a Confluence instance vulnerable to a DoS attack.

Fix
This issue has been fixed in Confluence 2.5.6. For more information, please see CONF-8978. Atlassian recommends that you upgrade to Confluence 2.5.6.

Input when editing navigation themes is not validated

Vulnerability
The 'Navigation Page' specified in the 'Left Navigation Theme' configuration is not validated. This can make a Confluence instance vulnerable to an XSS attack.

Fix
This issue has been fixed in Confluence 2.5.6. For more information, please see CONF-8956. Atlassian recommends that you upgrade to Confluence 2.5.6.

Viewing of space content alphabetically is not validated

Vulnerability
When viewing space content by alphabetic character, the request parameter is not validated as being a single alphabetic character. This can make a Confluence instance vulnerable to an XSS attack.

Fix
This issue has been fixed in Confluence 2.5.6. For more information, please see CONF-8952. Atlassian recommends that you upgrade to Confluence 2.5.6.

Input when editing Space Name is not validated

Vulnerability
The 'Name' field on the 'Edit Space Details' screen is not validated. This can make a Confluence instance vulnerable to an XSS attack.

Fix
This issue has been fixed in Confluence 2.5.6. For more information, please see CONF-8951. Atlassian recommends that you upgrade to Confluence 2.5.6.

Input when viewing attachments by file-type is not validated

Vulnerability
The 'Filter By Extension' field on the 'List Space Attachments' screen is not validated. This can make a Confluence instance vulnerable to an XSS attack.

Fix
This issue has been fixed in Confluence 2.5.6. For more information, please see CONF-8950. Atlassian recommends that you upgrade to Confluence 2.5.6.
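The seven issues above fall into two classes: parameters that have a narrow legitimate shape and can be allowlisted (the alphabetic-index character, the extension filter, the number of labels per request), and free-text fields that must instead be encoded on output (space name, 'Grant permission to'). The following is an added illustration of both patterns written for this page; it is not Atlassian's code, not the Confluence 2.5.6 fix, and makes no claim about how Confluence implements these screens. The label cap of 20, the extension and label character patterns, and the function names are assumptions chosen for the example.

```python
import html
import re

# Assumed limits and patterns for this illustration; the advisory states none.
MAX_LABELS_PER_REQUEST = 20
_SINGLE_LETTER = re.compile(r"^[A-Za-z]$")            # alphabetic index selector
_EXTENSION = re.compile(r"^[A-Za-z0-9]{1,10}$")       # 'Filter By Extension'
_LABEL = re.compile(r"^[A-Za-z0-9_\-.]{1,255}$")      # one label


class ValidationError(ValueError):
    """Raised when a request parameter fails allowlist validation."""


def validate_alpha_index(value: str) -> str:
    """The 'view space content alphabetically' parameter must be exactly one letter."""
    if not _SINGLE_LETTER.match(value):
        raise ValidationError(f"not a single letter: {value!r}")
    return value.upper()


def validate_extension(value: str) -> str:
    """Extension filter: short alphanumeric token only, normalised to lower case."""
    if not _EXTENSION.match(value):
        raise ValidationError(f"bad extension filter: {value!r}")
    return value.lower()


def validate_labels(labels: list) -> list:
    """Cap the number of labels accepted in one request and allowlist each one."""
    if len(labels) > MAX_LABELS_PER_REQUEST:
        raise ValidationError(f"too many labels in one request: {len(labels)}")
    for label in labels:
        if not _LABEL.match(label):
            raise ValidationError(f"bad label: {label!r}")
    return list(labels)


def render_alpha_heading_vulnerable(value: str) -> str:
    # The unsafe pattern: the raw parameter is interpolated straight into HTML,
    # so a value containing markup is reflected to the browser.
    return f"<h2>Pages starting with {value}</h2>"


def render_alpha_heading_fixed(value: str) -> str:
    # Hardened: allowlist first, then still encode on output (defence in depth).
    letter = validate_alpha_index(value)
    return f"<h2>Pages starting with {html.escape(letter)}</h2>"


def render_space_name(name: str) -> str:
    # Free text such as a space name or a principal name cannot be reduced to an
    # allowlist of letters; the fix is context-appropriate output encoding.
    return f"<title>{html.escape(name, quote=True)}</title>"


def rejects(fn, *args) -> bool:
    """True if fn raises ValidationError for the given input (used by the checks)."""
    try:
        fn(*args)
    except ValidationError:
        return True
    return False
```

The point of keeping both `render_alpha_heading_*` functions side by side is that the same template line is safe or unsafe purely on the basis of what reaches it: the allowlist turns a payload like `<script>` into a rejected request, and the escape makes the output safe even if a future change loosens the allowlist.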
Document generated by Confluence on Jun 24, 2008 18:01