Description
Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature. The affected versions are before version 7.19.9. This vulnerability was discovered by Rojan Rijal of the Tinder Security Engineering Team.