Atlassian Confluence Server < 4.3 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 9633

Synopsis

The remote Confluence server is affected by multiple vulnerabilities.

Description

Versions of Confluence prior to 4.3 are affected by multiple vulnerabilities:

- A flaw exists because the program allows anonymous users to access '/spaces/opengrouppicker.action'. This may allow remote attackers to browse internal directories.
- A flaw exists in '/users/userpicker.action' because the program fails to properly restrict unprivileged access. This may allow a remote attacker to gain access to potentially sensitive information regarding LDAP directory users and groups.
- A flaw exists in '/users/userpicker.action' because the program exposes LDAP directory users and groups to unauthenticated remote attackers. This may allow a remote attacker to gain access to potentially sensitive information.
- A flaw exists in '/spaces/opengrouppicker.action' because the program exposes LDAP directory users and groups to unauthenticated remote attackers. This may allow a remote attacker to gain access to potentially sensitive information.
- A flaw exists in the '/rest/prototype/1/search/user.json' script that is triggered when input passed via the 'query' parameter is not properly handled. This may allow a remote attacker to enumerate arbitrary users.
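For reviewing exposure on a server that has not yet been upgraded, the following added example (not part of the Nessus plugin or of Confluence) counts anonymous requests that were answered with HTTP 200 on the endpoints listed above. It assumes a web access log in Apache/Tomcat common format, where "-" in the user field means no authenticated identity; the sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Endpoints named in the plugin description above.
WATCHED = (
    "/spaces/opengrouppicker.action",
    "/users/userpicker.action",
    "/rest/prototype/1/search/user.json",
)

# Assumed log layout: Apache/Tomcat "common" format, where the third field is
# the authenticated user and "-" means the request carried no identity.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def watched_endpoint(target):
    """Return the watched endpoint a request target hits, or None."""
    path = urlsplit(target).path.split(";", 1)[0].lower()
    for endpoint in WATCHED:
        # endswith() tolerates a deployment context path such as /wiki.
        if path.endswith(endpoint):
            return endpoint
    return None

def anonymous_hits(lines):
    """Count anonymous requests answered with 200, per (client IP, endpoint)."""
    hits = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        endpoint = watched_endpoint(m["target"])
        # A 200 to an unauthenticated client means the data was served.
        if endpoint and m["user"] == "-" and m["status"] == "200":
            hits[(m["ip"], endpoint)] += 1
    return hits

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [04/Sep/2012:10:00:01 +0000] "GET /users/userpicker.action HTTP/1.1" 200 5120',
    '203.0.113.7 - - [04/Sep/2012:10:00:02 +0000] "GET /wiki/rest/prototype/1/search/user.json?query=a HTTP/1.1" 200 310',
    '203.0.113.7 - - [04/Sep/2012:10:00:03 +0000] "GET /wiki/rest/prototype/1/search/user.json?query=b HTTP/1.1" 200 298',
    '198.51.100.4 - alice [04/Sep/2012:10:01:00 +0000] "GET /users/userpicker.action HTTP/1.1" 200 5120',
    '192.0.2.9 - - [04/Sep/2012:10:02:00 +0000] "GET /spaces/opengrouppicker.action HTTP/1.1" 302 0',
    '192.0.2.9 - - [04/Sep/2012:10:02:05 +0000] "GET /dashboard.action HTTP/1.1" 200 9000',
]
```

Repeated hits from one address on the user search endpoint with varying 'query' values match the enumeration pattern the last item describes.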

Solution

Upgrade to Confluence version 4.3 or later.

See Also

https://jira.atlassian.com/browse/CONF-25322

https://jira.atlassian.com/browse/CONF-25350

Plugin Details

Severity: Medium

ID: 9633

Family: CGI

Published: 10/14/2016

Updated: 3/6/2019

Vulnerability Information

CPE: cpe:/a:atlassian:confluence

Patch Publication Date: 9/4/2012

Vulnerability Publication Date: 4/24/2012