h3. Issue Summary
While performing the file upload vulnerability test in confluence application, we are able to identify the sensitive path disclosure in following cases. • When we attached some malicious file and tried to downloading all attachments. • When we uploaded malicious file and tried to export as word file. h3. Expected Results
A generic error message that does not reveal any sensitive information as error message in and remove the internal file path information from application h3. Actual Results
Sensitive information including path is visible in stack trace.
!Sensitive path disclosure error.PNG! h3. Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available