CONTENTF-1107

Vulnerability and Fix for Content Formatting Macros for Confluence

    Details

    • Type: Bug
    • Status: Done
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.3.5
    • Labels: None

      Description

      We were recently made aware of a security vulnerability in the Content Formatting Macros for Confluence plugin.

      The security vulnerability affects all releases up to and including version 6.3.4.

       

      About the vulnerability

      The vulnerability was discovered in the LaTeX macro, which allowed code to be executed after page rendering, thereby exposing user instances to cross-site scripting attacks. Subsequent investigations found that the Restful Table macro was also vulnerable to the same type of attack.

      This vulnerability has been rated as Critical according to Atlassian's Security Ranking Scale and was identified as part of an internal security audit of our source code. Once we became aware of the issue, the flaw was fixed immediately.

       

      How to fix the vulnerability

      To fix the vulnerability, users must upgrade to Content Formatting Macros for Confluence version 6.3.5.

              People

              Assignee:
              Unassigned
              Reporter:
              jabba Jimi Abbabiyi