Confluence public link for a page turned on
Description
AlphaSOC detected that a public link was enabled for a Confluence page. This action allows anyone with the link to access the page content without authentication. Adversaries may exploit this feature to exfiltrate sensitive data.
Impact
Enabling public links on Confluence pages can lead to unauthorized disclosure of sensitive data, intellectual property, or other confidential information. This activity may indicate data exfiltration attempt or accidental exposure of sensitive content that could be exploited by threat actors.
Severity
Severity | Condition |
---|---|
Low | Confluence public link for a page turned on |
Investigation and Remediation
Review the Confluence audit logs to identify which pages had public links enabled and who enabled them. Verify whether this action was authorized and aligns with your organization's data sharing policies. If unauthorized, immediately disable the public links, rotate any potentially compromised credentials, and conduct a thorough assessment to determine if any sensitive information was exposed.