Details
Bug
Status: Done
High
Resolution: Fixed
Sprint 122
Description
During an internal security review, a security flaw was uncovered in which a Confluence user could leverage the Style Sheet macro to gain access to content and user details. We've mitigated this vulnerability by requiring URLs in this macro to be whitelisted via the Confluence whitelist feature. More information can be found in our documentation.
Affected Versions
This vulnerability affects all previous versions of the app.
Severity
This vulnerability has been rated as high, according to the scale published on the Common Vulnerability Scoring System (CVSS).
Based on our investigations, we have not found any instances of this vulnerability being exploited.
Recommendations
We recommend upgrading to Content Formatting version 6.4.1 or higher as soon as possible. If you are unable to upgrade at this time, we recommend disabling the Style Sheet macro module in the Content Formatting App section of the Confluence Apps menu.