CVE-2012-6342

Name of the Vulnerable Software and Affected Versions Atlassian Confluence version 3.4.6

Description A cross-site request forgery (CSRF) issue exists in the logout.action of Atlassian Confluence, allowing remote attackers to hijack the authentication of administrators for requests that logout the user via a comment.

Recommendations For Atlassian Confluence version 3.4.6, consider restricting access to the logout.action until a patch is available. As a temporary workaround, avoid using the logout functionality via comments to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.