19 matches found
PT-2022-3814 · Atlassian · Questions For Confluence +1
Name of the Vulnerable Software and Affected Versions: Atlassian Questions For Confluence app versions 2.7.34 through 3.0.2 Description: The Atlassian Questions For Confluence app creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded...
Atlassian Confluence Questions Cross-Site Request Forgery Vulnerability
Atlassian Confluence Questions is a suite of specialized enterprise knowledge management and collaboration software from Atlassian Australia, which can also be used to build enterprise WiKi's. The software enables collaboration and knowledge sharing among team members. A cross-site request forger...
Atlassian Confluence Questions Cross-Site Request Forgery Vulnerability (CNVD-2018-17881)
Atlassian Confluence Questions is a suite of specialized enterprise knowledge management and collaboration software from Atlassian Australia, which can also be used to build enterprise WiKi's. The software enables collaboration and knowledge sharing among team members. A cross-site request forger...
CVE-2018-13394
The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery CSRF vulnerability...
CVE-2018-13393
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery CSRF...
CVE-2018-13393
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery CSRF...
CVE-2018-13394
The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery CSRF vulnerability...
CVE-2018-13393
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery CSRF...
The acceptAnswer resource of Confluence Questions was vulnerable to CSRF - CVE-2018-13394
The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to make a user accept an answer via a Cross-site request forgery CSRF vulnerability...
The acceptAnswer resource of Confluence Questions was vulnerable to CSRF - CVE-2018-13394
The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to make a user accept an answer via a Cross-site request forgery CSRF vulnerability...
The convertCommentToAnswer resource of Confluence Questions was vulnerable to CSRF - CVE-2018-13393
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to make a user modify a comment into an answer via a Cross-site request forge...
The convertCommentToAnswer resource of Confluence Questions was vulnerable to CSRF - CVE-2018-13393
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to make a user modify a comment into an answer via a Cross-site request forge...
XSRF check failure when trying to add a logo to a topic
h3. Steps to reproduce Create a topic in Confluence Questions. Select an image as a logo. Click Done. h3. Expected results The topic is created with the chosen logo. h3. Actual results The topic is created, but with the default tag logo. h3. Notes The same thing occurs when trying to add a logo t...
XSRF check failure when trying to add a logo to a topic
h3. Steps to reproduce Create a topic in Confluence Questions. Select an image as a logo. Click Done. h3. Expected results The topic is created with the chosen logo. h3. Actual results The topic is created, but with the default tag logo. h3. Notes The same thing occurs when trying to add a logo t...
Confluence Security Settings not respected by Confluence Questions
Hi Atlassian team, in our Confluence configuration we set "User email visibility" to "only visible to site administrators" However, we use the Confluence Questions plugin and if we click there on a Contact and "Contact info", the email is displayed even to anonymous users. As I am on vaccation fo...
Confluence Security Settings not respected by Confluence Questions
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47587. panel Hi Atlassian team, in our Confluence configuration we set "User email visibility" to "only visible to site...
Confluence Security Settings not respected by Confluence Questions
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47587. panel Hi Atlassian team, in our Confluence configuration we set "User email visibility" to "only visible to site...
Confluence Security Settings not respected by Confluence Questions
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47587. panel Hi Atlassian team, in our Confluence configuration we set "User email visibility" to "only visible to site...
Lack of CSRF protection on Voting
On Confluence Questions, answers and questions can be upvoted by the victim automatically on a question page visit, due to the lack of CSRF protection. When up voting a question manually, whilst on the question page, a single post request is issued: e.g. POST...