Confluence SharePoint Connector 1.3 : SharePoint Connector Security Advisory 2010-11-29
This page last changed on Nov 28, 2010 by jclark@atlassian.com.
In this advisory:

Security Vulnerability in Confluence Permission Checker RPC Plugin

Severity

Atlassian rates the severity level of this vulnerability as high, according to the scale published in Severity Levels for Security Issues. The scale allows us to rank the severity as critical, high, moderate or low.

Risk Assessment

We have identified and fixed a vulnerability in the Permission Checker RPC plugin, which is installed by default on all Confluence instances running the SharePoint Connector for Confluence. This vulnerability allows an attacker to access the wiki markup and/or rendered HTML of all Confluence pages in all spaces, even if permissions are applied which would only allow access to a specific sub-set of users.

Vulnerability

The table below describes the versions of the Permission Checker RPC plugin and SharePoint Connector affected by the vulnerability.

Risk Mitigation

We recommend that you upgrade your Permission Checker RPC plugin to the latest version in order to fix this vulnerability. We strongly advise that you disable the remote API until your Confluence instance is patched or upgraded. If the remote API is vital, we recommend you disable anonymous access to the remote API. We also recommend that you read our guidelines on best practices for configuring Confluence security.

Fix

Version 1.2.2 of the Permission Checker RPC plugin fixes this issue. You can download this version from the Atlassian Plugin Exchange. Alternatively, you can install the latest version of the plugin through the Confluence Administration Console. See the guide to installing plugins.
Document generated by Confluence on Feb 20, 2011 21:50