Atlassian advises of eight Confluence vulnerabilities

Australian software developer Atlassian has announced eight vulnerabilities in its enterprise Wiki product, Confluence, and says a new version of the application corrects them all.


In a security bulletin issued today, the company warned of “XSS Vulnerabilities in Various Confluence Macros” and said: “We have identified and fixed a number of cross-site scripting (XSS) vulnerabilities which may affect Confluence instances, including publicly available instances (that is, internet-facing servers). XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a Confluence page.”

The company recommends that Confluence users upgrade to version 3.4.6, which fixes all the issues, as soon as possible. Users unable to do so are advised they can instead “disable public signup to your wiki until you have applied the necessary patch or upgrade. For even tighter control, you could restrict access to trusted groups.”

The eight vulnerabilities are:

1. Vulnerability in Code macro, affecting Confluence 2.7 to 3.4.

2. Vulnerability in Attachments macro, affecting Confluence 3.3 to 3.4.

3. Vulnerability in Bookmarks macro, affecting Confluence 3.1 to 3.4.3.

4. Vulnerability in Global Reports macro, affecting Confluence 2.7 to 3.4.3.

5. Vulnerability in Recently Updated macro, affecting Confluence 3.0 to 3.4.3.

6. Vulnerability in Pagetree macro, affecting Confluence 2.7 to 3.4.3.

7. Vulnerability in Create Space Button macro, affecting Confluence 2.7 to 3.4.3.

8. Vulnerability in Documentation Link macro, affecting Confluence 2.7 to 3.4.5.

The statement announcing the flaws thanked “Dave B” for alerting the company to the issues, and added that “We fully support the reporting of vulnerabilities and we appreciate it when people work with us to identify and solve the problem.”
