Details
- Bug
- Status: Done
- Critical
- Resolution: Fixed
Description
We were recently made aware of a security vulnerability in the Content Formatting Macros for Confluence plugin.
The security vulnerability affects all releases up to and including version 6.3.4.
About the vulnerability
The vulnerability was discovered within the LaTeX macro, which allowed code to be executed after page rendering, thereby exposing user instances to cross-site scripting attacks. Subsequent investigations found that the Restful Table macro was also vulnerable to the same type of attack.
This vulnerability has been rated as Critical according to Atlassian's Security Ranking Scale and was identified as part of an internal security audit of our source code. Once we became aware of the issue, the flaw was fixed immediately.
How to fix the vulnerability
To fix the vulnerability, users must upgrade to Content Formatting Macros for Confluence version 6.3.5.