Solution for Unauthenticated Access to Private Pages Data in Confluence via the "Reporting for Confluence" App
Issue
A security vulnerability allowed unauthenticated users to read data from private Confluence pages through the "Reporting for Confluence" app. Because the reporting path could be reached without proving who the caller was, sensitive page content could be exposed to anyone who could address the service.
Solution
The issue has been resolved by implementing the following steps:
Lambda Authorizer Setup:
The Reporting Lambda function now enforces authorization by setting authorizer: true in its configuration. Every request that reaches the reporting functionality must therefore carry valid credentials before any data is returned, which blocks anonymous access attempts. The authorizer only protects the routes it is attached to, so every route that can reach private page data must sit behind it.
Token Handling:
Instead of accepting the authentication token as a query parameter, the service now reads it from the HTTP headers. Query strings end up in browser history, proxy and server access logs and Referer headers, so a token placed there can be captured without the user noticing; a header-borne token is not recorded in those places.
AccountId Validation:
The system extracts the AccountId from the authentication token carried in the header. If the AccountId is missing or invalid, the system raises an error and the request is rejected. This check ties every request to a specific, authenticated user account rather than to the mere presence of a token.
Interaction with the Scaffolding Lambda:
Once the AccountId is validated, the Reporting service calls the Scaffolding Lambda function and passes an internal variable that is never exposed externally. On the Scaffolding side, a check validates this variable; if it is absent or does not match, the Scaffolding Lambda raises an error and refuses the request. This ensures that only calls originating from the Reporting service are processed. Because the variable acts as a shared secret between the two services, it must be kept out of client-facing responses and logs.
Request Processing:
If every validation passes, the system processes the request exactly as before and returns the requested data to the Reporting service. Data is only released when the request has passed the caller's authentication and the Scaffolding-side check on the internal variable, so unauthenticated sources no longer receive anything.
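The five steps above, modelled end to end as an added example (this is illustrative code written for this page, not the app's own source). It assumes a hypothetical HS256-signed token that carries an accountId claim, a hypothetical header named x-reporting-internal for the internal variable, constructed secrets and sample page data, and invokes the Scaffolding handler in-process rather than through the AWS Lambda invoke API:

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed secrets for this example; a deployment would load them from a secret store.
USER_TOKEN_SECRET = b"example-user-token-secret"            # verifies caller tokens (assumption)
INTERNAL_CALL_SECRET = b"example-reporting-to-scaffolding"  # known only to the two Lambdas (assumption)
INTERNAL_HEADER = "x-reporting-internal"                    # hypothetical header for the internal variable

# Constructed sample of the private page data the Scaffolding side guards.
PRIVATE_PAGES = {
    "557058:alice": [{"pageId": "1001", "title": "Q3 budget (restricted)"}],
    "557058:bob": [{"pageId": "2002", "title": "Incident postmortem (restricted)"}],
}


class Unauthorized(Exception):
    """Raised when a request fails any check below; handlers map it to an HTTP error."""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(account_id: str, secret: bytes, ttl: int = 300) -> str:
    """Issue an HS256 token whose claims carry the AccountId (only used to build sample input)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64url(json.dumps({"accountId": account_id, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(secret, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{_b64url(sig)}"


def verify_token(token: str, secret: bytes) -> dict:
    """Check the HMAC signature and expiry; return the claims or raise Unauthorized."""
    try:
        header, claims, sig = token.split(".")
    except ValueError:
        raise Unauthorized("malformed token")
    expected = hmac.new(secret, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig)):  # constant-time comparison
        raise Unauthorized("bad signature")
    body = json.loads(_unb64url(claims))
    if body.get("exp", 0) < time.time():
        raise Unauthorized("token expired")
    return body


def _headers(event: dict) -> dict:
    """API Gateway may deliver header names in any case; normalise to lowercase."""
    return {k.lower(): v for k, v in (event.get("headers") or {}).items()}


def account_id_from_event(event: dict) -> str:
    """Token Handling + AccountId Validation: header-borne token only, AccountId must be present."""
    auth = _headers(event).get("authorization", "")
    if not auth.startswith("Bearer "):
        # A token in the query string is deliberately ignored so it can no longer leak via URLs.
        raise Unauthorized("missing bearer token")
    claims = verify_token(auth[len("Bearer "):], USER_TOKEN_SECRET)
    account_id = claims.get("accountId")
    if not isinstance(account_id, str) or not account_id.strip():
        raise Unauthorized("token carries no AccountId")
    return account_id


def scaffolding_handler(event: dict) -> dict:
    """Scaffolding Lambda: serve data only when the internal variable proves the caller is Reporting."""
    provided = _headers(event).get(INTERNAL_HEADER, "").encode()
    if not hmac.compare_digest(provided, INTERNAL_CALL_SECRET):
        raise Unauthorized("not invoked by the reporting service")
    return {"accountId": event["accountId"], "pages": PRIVATE_PAGES.get(event["accountId"], [])}


def reporting_handler(event: dict) -> dict:
    """Reporting Lambda: authenticate the caller, then call Scaffolding with the internal variable."""
    try:
        account_id = account_id_from_event(event)
    except Unauthorized as exc:
        return {"statusCode": 401, "body": json.dumps({"error": str(exc)})}
    # Invoked in-process here; a deployment would use the Lambda invoke API instead (assumption).
    internal_event = {"headers": {INTERNAL_HEADER: INTERNAL_CALL_SECRET.decode()}, "accountId": account_id}
    try:
        data = scaffolding_handler(internal_event)
    except Unauthorized as exc:
        return {"statusCode": 403, "body": json.dumps({"error": str(exc)})}
    return {"statusCode": 200, "body": json.dumps(data)}


if __name__ == "__main__":
    token = mint_token("557058:alice", USER_TOKEN_SECRET)
    print(reporting_handler({"headers": {"Authorization": "Bearer " + token}}))     # 200, Alice's pages
    print(reporting_handler({"queryStringParameters": {"token": token}}))           # 401, query token ignored
```

The query-string request is rejected even though it carries a perfectly valid token, which is the behaviour the Token Handling step calls for; and calling scaffolding_handler directly without the internal header raises Unauthorized regardless of how valid the accountId is, which is the Scaffolding-side check. Both secret comparisons use hmac.compare_digest so that neither the token signature nor the internal variable can be guessed byte by byte through timing.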
Summary
By enforcing authorization at the Lambda layer, moving the token from the query string into HTTP headers, requiring a valid AccountId on every request, and validating a non-public variable between the Reporting and Scaffolding services, the system now prevents unauthenticated access to private page data in Confluence through the "Reporting for Confluence" app. The fix closes the exposure while keeping the existing functionality available to authorized users.