Description

Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature. The affected versions are before version 7.19.9. This vulnerability was discovered by Rojan Rijal of the Tinder Security Engineering Team.

Remediation

References

CVE-2023-22504

Related Vulnerabilities

WordPress Plugin WordPress Social Share Buttons & Analytics-GetSocial.io Cross-Site Request Forgery (4.2)

Atlassian Jira Uncontrolled Search Path Element Vulnerability (CVE-2019-20400)

Oracle JRE CVE-2022-21294 Vulnerability (CVE-2022-21294)

WordPress Plugin Mashshare-Social Media Icons SEO Share Buttons for Facebook, Twitter, Subscribe Information Disclosure (2.3.0)

MODX Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-10037)

Severity

Medium

Classification

CVE-2023-22504 CWE-434 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities