Security Vulnerability in Confluence Remote API

2010-11-03T03:44:17
ID ATLASSIAN:CONFSERVER-21162
Type atlassian
Reporter shawse
Modified 2017-02-17T05:21:23

Description

We have identified and fixed a vulnerability in the Remote API which affects Confluence instances, including publicly available instances. The [Remote API|http://confluence.atlassian.com/display/DOC/Enabling+the+Remote+API] allows an attacker to escalate user privileges, excluding the level of system administrator privileges.

This issue is reported in our security advisory on this page: http://confluence.atlassian.com/x/FAZ7DQ