Skip to main content

Confluence public link for a page turned on

ID:confluence_public_link
Data type:Confluence
Severity:
Low
MITRE ATT&CK:TA0009:T1530

Description

AlphaSOC detected that a public link was enabled for a Confluence page. This action allows anyone with the link to access the page content without authentication. Adversaries may exploit this feature to exfiltrate sensitive data.

Impact

Enabling public links on Confluence pages can lead to unauthorized disclosure of sensitive data, intellectual property, or other confidential information. This activity may indicate data exfiltration attempt or accidental exposure of sensitive content that could be exploited by threat actors.

Severity

SeverityCondition
Low
Confluence public link for a page turned on

Investigation and Remediation

Review the Confluence audit logs to identify which pages had public links enabled and who enabled them. Verify whether this action was authorized and aligns with your organization's data sharing policies. If unauthorized, immediately disable the public links, rotate any potentially compromised credentials, and conduct a thorough assessment to determine if any sensitive information was exposed.