Vulnerabilities in Confluence


Working on a penetration test for a large insurance company in cooperation with OPTIMAbit, I discovered several critical security issues in a professional wiki product called Confluence that is sold by Atlassian to corporate customers.

The vendor offers an open ticket system to directly report security issues to development. Vendor response was very quick and a new release of the product fixing all reported vulnerabilities was issued within 1 month of reporting.

The reported vulnerabilities included several Cross-Site Scripting issues and one critical privilege escalation issue. For further information please refer to Atlassian's security advisory.

I also want to thank Atlassian for giving proper credit for helping them solve these issues.


About this Entry

This page contains a single entry by Thomas Jaehnel published on November 2, 2008 7:55 PM.


This blog is licensed under a Creative Commons License.