AP-429
Unauthorized edition of private space definitions
Description
By changing the id parameter of the definition, it is possible to edit the definition belonging to a space to which the user does not have access. After the changes, the definition changes its space.
Below description from original bugcrowd ticket:
The following image illustrates a definition created in a private space of Confluence, highlighting that the user 5e4dabfc393ea90c94b42043 does not have access to the space:
Next, it can be observed that it was possible to overwrite the definition of the private space after providing the ID of the private space definition in the id parameter using the session token of the user
Finally, the following image shows that the definition was removed from the private space and another one was created in the space of the user '5e4dabfc393ea90c94b42043':
Activity
Details
Priority
High
Hello @Kamil Zarychta,
Please merge code to dev branch.
This is the best moment to add more information that can be helpful to prepare release notes.
Can you prepare short overview of change that can be used in release notes?
Please provide short GIF that showcase feature.
If GIF make no sense, can you provide image that highlights feature that can be used in release notes (cropped & annotated)?
Fix verified in QA
Hello @Kamil Zarychta ]
This is the best moment to add more information that can be helpful for tester.
What areas are affected?
What are potential edge cases?
Was it checked for XSS problems?
Does change affect security, is new data exposed?
Please attach - Before / After screenshot if possible.
Hello [~accountid:],
Task is ready for review.
@Kamil Zarychta please make sure reviewer
have easy access to contend to be reviewed.
If this is code change. Please make sure PR is created.
If this is new documentation, blogpost, etc. Please provide link to page.