This documentation relates to an earlier version of the SharePoint Connector.

In this advisory:

XSS Vulnerability in the SharePoint List Macro

Severity

Atlassian rates this vulnerability as high, according to the scale published in Severity Levels for Security Issues. The scale allows us to rank a vulnerability as critical, high, moderate or low.

Risk Assessment

We have identified and fixed a security vulnerability which may affect Confluence instances in a public environment. This flaw is a cross-site scripting (XSS) vulnerability that could occur when using the SharePoint List macro on a page or blog post.

  • An attacker could use this vulnerability to steal other users' session cookies or other credentials and send them back to the attacker's own web server.
  • An attacker's text and script could be displayed to other users viewing a Confluence page. This could damage your company's reputation.

You can read more about XSS attacks at cgisecurity, CERT and other places on the web.

Risk Mitigation

We recommend that you upgrade your Confluence SharePoint Connector to fix this vulnerability. Please see the 'Fix' section below.

Alternatively, if you are not in a position to undertake this immediately and you judge it necessary, you can disable public access to your SharePoint site until you have applied the necessary upgrade. For even tighter control, you could restrict access to trusted groups.

Vulnerability

An attacker can execute their own rogue JavaScript code via the SharePoint List macro. All previous versions of the SharePoint Connector are affected by this vulnerability. The fix is available in Confluence SharePoint Connector 1.1. For more information, please refer to CSI-501.

Fix

This issue has been fixed in Confluence SharePoint Connector 1.1 (see the release notes). Please refer to the SharePoint Connector 1.1 Upgrade Notes for further information on upgrading the Confluence SharePoint Connector.

Note that the SharePoint Connector 1.1 requires Confluence 2.8.0 or later. If you are using Confluence 2.7.4 or earlier and are unable to upgrade, please contact our support team for assistance in addressing the vulnerability.
