27 matches found
EUVD-2012-6315
Malware in sbrugna...
PT-2023-32070 · WordPress · Carousel
Name of the Vulnerable Software and Affected Versions: The Carousel, Recent Post Slider and Banner Slider plugin for WordPress versions up to, and including, 2.0 Description: The issue is related to Stored Cross-Site Scripting via the spice post slider shortcode due to insufficient input...
Automattic: Users can bypass page restrictions via Export feature at "Share" feature in CrowdSignal
Summary: Hi team, If you upgraded your account, you can share your survey results via "Share" button. F893428 As you can see, I selected Results page on Allow access to the following. So user will access only Results page. But if user has the Export feature. User can export the restricted pages...
Cisco IM and Presence Service Elevation of Privilege Vulnerability
Cisco IM and Presence Service provides enterprise-class instant messaging and network presence services. A security vulnerability exists in the Cisco IM and Presence Service that does not properly enforce web page restrictions, which can be exploited by an authenticated, remote attacker to gain...
Member of confluence-administrators group able to see restricted page in pagetree, quick search and navigation panel
Bug Background Confluence super-users or member of confluence-administrators group should be able to access any content in Confluence including restricted content as long as it have the direct URL to access as describe in our documentation...
Member of confluence-administrators group able to see restricted page in pagetree, quick search and navigation panel
Bug Background Confluence super-users or member of confluence-administrators group should be able to access any content in Confluence including restricted content as long as it have the direct URL to access as describe in our documentation...
Subpages don't inherit permissions from parent pages (see comments for solution)
We are currently experiencing a serious issue with page restrictions. We have pages with restrictions, that have sub pages, which were created by users, that were deleted from the user directory in the meantime. These root-pages have read restrictions, set for a particular group. However, these s...
Subpages don't inherit permissions from parent pages (see comments for solution)
We are currently experiencing a serious issue with page restrictions. We have pages with restrictions, that have sub pages, which were created by users, that were deleted from the user directory in the meantime. These root-pages have read restrictions, set for a particular group. However, these s...
Any user without permission to view the page can view its label
h4. Steps to Reproduce: Create a Page with user A Add a label to the page Assign Page Restrictions Restrict viewing to me Login with user B user B can see all labels including label of user A's page h4. Expected Results: Described that "Global labels are visible to all users with 'view' permissio...
@mention Notification for Comments on Restricted Page in Confluence 5.4.x
In Confluence 5.4.x versions, the user is getting comment notifications in a page that he's restricted to view. If you restrict an user to view or edit the page through 'Tools Restrictions' and then comment in a page, the user will get the notification about it in the Workbox. h4.Steps to...
@mention Notification for Comments on Restricted Page in Confluence 5.4.x
In Confluence 5.4.x versions, the user is getting comment notifications in a page that he's restricted to view. If you restrict an user to view or edit the page through 'Tools Restrictions' and then comment in a page, the user will get the notification about it in the Workbox. h4.Steps to...
Activity stream not respecting parent page restrictions
The Confluence Activity stream will display all pages that the user has access to according to the restrictions. However, if the user is limited in viewing a page due to inherited restrictions from a parent page, the page in question will still show up in the activity stream, and when following t...
Activity stream not respecting parent page restrictions
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-28543. panel The Confluence Activity stream will display all pages that the user has access to according to the restrictions...
Activity stream not respecting parent page restrictions
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-28543. panel The Confluence Activity stream will display all pages that the user has access to according to the restrictions...
Anonymous users can see page restriction data, exposing user ids and group names
If an user navigates to a page that has any kind of individual "editing" restriction but is of public view and then clicks on the padlock icon, he or she will see the Names, Uids of the users who are mentioned in the "edit" restriction or any groups part if the restriction. We think it is wrong t...
Inherit Edit Restrictions for Child Pages
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-26446. panel As it said in Documentation for Page Restrictions|https://confluence.atlassian.com/display/DOC/Page+Restrictions:...
Inherit Edit Restrictions for Child Pages
As it said in Documentation for Page Restrictions|https://confluence.atlassian.com/display/DOC/Page+Restrictions: quote'Edit' restrictions are not inherited from the parent page, only from the space. In a space, the 'Add Pages' permission governs both the creation and the editiing of pages. See...
Inherit Edit Restrictions for Child Pages
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-26446. panel As it said in Documentation for Page Restrictions|https://confluence.atlassian.com/display/DOC/Page+Restrictions:...
User can upload attachments to restricted pages that adopt restrictions from parent page
Users that should have no access to restricted pages that adopt restrictions from the parent page are able to upload attachments if they know the page ID. How to reproduce: 1. Create 2 users, user1 and user2 2. Create a page with user1 and set the page view and edit restrictions to "Me" 3. Create...
autocomplete box in page restrictions finds deleted users, wrong usernames
We recently migrated our user management from JIRA to Crowd, our Confluence instance used to link to JIRA for authentication, and now links to Crowd. We now found that, when editing the restrictions on individual pages, the autocomplete feature in that dialog acts strange: Users that have been...