Content Formatting Development / CONTENTF-1150

CFM - 2019/11 Vulnerability & Patch (Public)

    Details

    • Type: Bug
    • Status: Done
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.4.1
    • Labels: None

      Description

      During an internal security review, a security flaw was uncovered in which a Confluence user could leverage the Style Sheet macro to gain access to content and user details. We've mitigated this vulnerability by requiring URLs in this macro to be whitelisted via the Confluence whitelist feature. More information can be found in our documentation.

      Affected Versions

      This vulnerability affects all previous versions of the app.

      Severity

      This vulnerability has been rated as high, according to the scale published on the Common Vulnerability Scoring System (CVSS).

      Based on our investigations, we have not found any instances of this vulnerability being exploited.

      Recommendations

      We recommend upgrading to Content Formatting version 6.4.1 or higher as soon as possible. If you are unable to upgrade at this time, we recommend disabling the Style Sheet macro module in the Content Formatting App section of the Confluence Apps menu.

       

                People

                Assignee:
                Unassigned
                Reporter:
                dlindsay Dylan Lindsay