Atlassian Confluence < 6.1.3 OAuth Plugin IconUriServlet Internal Network Resource Disclosure CSRF
Medium Nessus Plugin ID 110771
Synopsis
A web application running on the remote host is affected by an internal network resource disclosure (CSRF) vulnerability.
Description
According to its self-reported version number, the version of Atlassian Confluence running on the remote host is prior to 6.1.3.
It is, therefore, affected by an internal network resource disclosure (CSRF) vulnerability in the OAuth plugin IconUriServlet.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Atlassian Confluence version 6.1.3 or later.