Security Advisory WSO2-2017-0262

Published: 4th September 2017

Severity: High

CVSS Score: 7.3 (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)

 

AFFECTED PRODUCTS

 

WSO2 Governance Registry 5.4.0

 

OVERVIEW

 

A potential Session Fixation vulnerability has been identified in the Publisher and Store applications.

 

DESCRIPTION

 

The Store and Publisher applications do not renew the session ID upon user login, resulting in a potential Session Fixation vulnerability.

An attacker could potentially exploit this vulnerability by fixing a session ID, or by gaining access to an unauthenticated initial session ID, and later using the same ID after user authentication is completed.
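The session ID renewal described above, modelled as an added Python example (not WSO2 code and not part of the patch). The `SessionStore` class, its method names and the user name are hypothetical; the final function is a regression check that a pre-login ID no longer resolves to an authenticated session once login has completed.

```python
import secrets


class SessionStore:
    """Minimal in-memory session store, constructed for this example."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        # Issue an unauthenticated session, as an application does on first visit.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def login_without_renewal(self, sid, user):
        # Behaviour described in the advisory: the pre-login ID is kept
        # and simply becomes authenticated.
        self._sessions[sid]["user"] = user
        return sid

    def login_with_renewal(self, sid, user):
        # Hardened behaviour: retire the pre-login ID, carry the session
        # data over, and bind the authenticated state to a fresh ID.
        data = self._sessions.pop(sid, {})
        new_sid = secrets.token_urlsafe(32)
        data["user"] = user
        self._sessions[new_sid] = data
        return new_sid


def prelogin_id_is_authenticated(store, login):
    """Return True if an ID issued before login is authenticated afterwards."""
    pre_sid = store.create()
    login(pre_sid, "alice")  # constructed user name
    session = store.get(pre_sid)
    return session is not None and session["user"] is not None
```

The same check can be run against a deployed application by comparing the session cookie value issued before login with the one in use after login; the two must differ and the earlier value must be rejected.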

 

IMPACT 

 

An attacker could gain the same access level as the victim and perform activities by impersonating the victim.

 

SOLUTION

 

Apply the following patches based on your product version by following the instructions in the README file. If you have any questions, post them to security@wso2.com.

Please download the relevant patches for the products you use according to the matrix below. Patches can also be downloaded from http://wso2.com/security-patch-releases/.

 

Code    Product                     Version    Patch
GREG    WSO2 Governance Registry    5.4.0      WSO2-CARBON-PATCH-4.4.0-1221

 

NOTES

 

If you are using a newer version of the products than the ones mentioned in the “SOLUTION” section, this vulnerability is already fixed.

 
