Confluence Support

Vulnerability

By crafting a custom HTTP request, an attacker can delete or modify global permissions settings on a Confluence site.

This flaw affects all Confluence versions between 1.4 and 2.2.2. 2.2.3 and later are not vulnerable.

Fix

This issue has been fixed in Confluence 2.2.3. Patches are also available for all versions of Confluence betwen 1.4 and 2.2.2. For more information, please see this issue report.

Atlassian STRONGLY recommends that all customers either upgrade to Confluence 2.2.3, or apply the patch.

Confluence Support

Knowledge base

Products

Jira Software

Jira Service Management

Jira Work Management

Confluence

Bitbucket

Resources

Documentation

Community

Suggestions and bugs

Marketplace

Billing and licensing

Confluence Security Advisory 2006-06-14

Confluence Security Overview and Advisories

On this page

Still need help?

Vulnerability

Fix

Page

Viewport

Confluence

Versions

Confluence Security Advisory 2006-06-14

Confluence Security Overview and Advisories

On this page

Related content

Still need help?

Vulnerability

Fix

Related content