-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2014.0021
        A vulnerability has been identified in Atlassian Confluence
                             27 February 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Atlassian Confluence
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Unauthorised Access -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
Member content until: Saturday, March 29 2014

OVERVIEW

        A vulnerability has been identified in Atlassian Confluence up to and
        including version 5.4.1.


IMPACT

        The vendor has provided the following details regarding the issue:
        
        "User privilege escalation
        
        Severity
        
        Atlassian rates the severity level of this vulnerability as critical, 
        according to the scale published in Severity Levels of Security Issues. 
        The scale allows us to rank the severity as critical, high, moderate 
        or low.
        
        This is an independent assessment and you should evaluate its 
        applicability to your own IT environment.
        
        Description
        
        We have identified and fixed a vulnerability in Confluence which 
        allowed unauthenticated users to commit actions on behalf of any 
        other authorised user. In order to exploit this vulnerability, an 
        attacker requires access to the Confluence web interface.
        
        The vulnerability affects all supported versions of Confluence up to 
        and including 5.4.1.
        
        Versions 5.3.4, 5.4 and 5.4.1 are not vulnerable but require 
        patches for compatibility purposes in order to be able to connect to 
        patched or upgraded versions of JIRA and other Atlassian products. You 
        do not need to patch these versions if you are not using Application 
        Links with Trusted Applications authentication configured.
        
        This issue has been fixed in 5.4.2. The issue is tracked in
        CONF-31628 - Privilege escalation (RESOLVED)." [1]


MITIGATION

        The vendor recommends updating to the latest version of Confluence to
        correct this vulnerability.
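        The following Python snippet is an added example for triaging an
        inventory of Confluence instances against this bulletin; it is not
        part of the AusCERT bulletin or of any Atlassian tooling. The
        version boundaries (fixed in 5.4.2; 5.3.4, 5.4 and 5.4.1 not
        vulnerable but needing compatibility patches when Application Links
        with Trusted Applications authentication is in use) are taken from
        the vendor text quoted above. The host names and version strings
        fed to it are constructed sample input, and the function names
        parse_version, classify and triage are the example's own.

```python
from typing import Dict, List, Tuple

# Boundaries from the bulletin (ASB-2014.0021 / Atlassian advisory 2014-02-26).
FIXED_IN = (5, 4, 2)
# Vendor: "not vulnerable but require patches for compatibility purposes"
# when Application Links with Trusted Applications authentication is used.
COMPAT_PATCH_ONLY = {(5, 3, 4), (5, 4, 0), (5, 4, 1)}


def parse_version(text: str) -> Tuple[int, ...]:
    """Convert '5.4.1' into (5, 4, 1) so comparison is numeric.

    Plain string comparison would rank '5.10' below '5.4', which is the
    usual mistake in ad-hoc version checks. Trailing qualifiers such as
    '5.4.1-SNAPSHOT' keep only the leading digits of each component, and
    missing components are padded with zeros ('5.4' -> (5, 4, 0)).
    """
    parts: List[int] = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            raise ValueError(f"unparseable version component {piece!r} in {text!r}")
        parts.append(int(digits))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def classify(version: str, uses_trusted_apps: bool = True) -> str:
    """Map one Confluence version to an action per the bulletin.

    Returns one of:
      'fixed'         - 5.4.2 or later, nothing to do for this advisory
      'compat-patch'  - 5.3.4 / 5.4 / 5.4.1 with Trusted Applications in
                        use: apply the vendor's compatibility patch
      'ok-no-patch'   - same versions without Trusted Applications in use
      'vulnerable'    - anything else up to and including 5.4.1: upgrade
    """
    key = parse_version(version)[:3]  # advisory speaks in 3-component versions
    if key >= FIXED_IN:
        return "fixed"
    if key in COMPAT_PATCH_ONLY:
        return "compat-patch" if uses_trusted_apps else "ok-no-patch"
    return "vulnerable"


def triage(inventory: Dict[str, Tuple[str, bool]]) -> List[Tuple[str, str, str]]:
    """Classify every host in an inventory of host -> (version, uses_trusted_apps).

    Hosts needing an upgrade are listed first so the output reads as a work list.
    """
    order = {"vulnerable": 0, "compat-patch": 1, "ok-no-patch": 2, "fixed": 3}
    rows = [(host, ver, classify(ver, ta)) for host, (ver, ta) in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


if __name__ == "__main__":
    # Constructed sample inventory; not data from the bulletin.
    sample = {
        "wiki-prod.example.test": ("5.4.1", True),
        "wiki-legacy.example.test": ("4.3.7", False),
        "wiki-dev.example.test": ("5.4.2", True),
        "wiki-team.example.test": ("5.3.4", False),
    }
    for host, ver, action in triage(sample):
        print(f"{action:13} {ver:8} {host}")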


REFERENCES

        [1] Confluence Security Advisory 2014-02-26
            https://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2014-02-26

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUw7gjRLndAQH1ShLAQIUZw/+LJEWB9pG3UXhwQvMjbSQJZ/ZZ++G8dvl
onavmQO0NV/Qw4lJpp7+KDs+XLT9Ii8SajmtJLn7A8SQT6JmHCPKs9J1fvuhArMf
rcEje736Z57xEmVG1VlCQaTX9ChKzovqYwcLTSuVQgJzngbwLDY9pshexHx4CiMe
sUC9vE2Ay80pJgTjPok7qD6QX5GXjIWkZpQcG4D2g9CwCWKnbp5DETINjbByDXCv
Xd8OyzoiNtN0CqadnUmzKC4UGaSVLzjH/45C4KTYDK8jBFrRYW1bE7yJpIEI/h4q
9zbebV4YnP2rKb6dEmBTPKIzDAdx4n9olZvPdjagMnjHNpsrmJt+4MZtcnTggnCb
BufdrNmvX3PDF6MrIWd90nZxLnuW7mRNaDHYlWJ5fBdc+2vLeONgJ7XeE4WqM8g1
nnklnKvfbXOhGOl9UXL6janAfvMdl4o+V3Ldid/xvFb2btR+w9o7+q1NumAMUg8i
ORxqY9x7jC9oVgBp28OeT1fTqVfXbm7F9JSsfgLJFw6rdpvuwCBK6f+nuuRB3n9X
7rQ5hy8LkjbC7AfAwdoZ7K2Xv079ohDoKo2mcr4KT9YLq5tKXC/Uxp8RUczYAXmN
qV6W7tyaB9JNtJKpcUpBq1XQRasaCSJhnvQae2OLBy2/O7GrDtVQbLfcW7kTPbZj
aYOtP/NtuY4=
=/cAD
-----END PGP SIGNATURE-----