Description
Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature. The affected versions are before version 7.19.9. This vulnerability was discovered by Rojan Rijal of the Tinder Security Engineering Team.
Remediation
References
Related Vulnerabilities
Beego Framework Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2024-40465)
Jenkins Missing Authorization Vulnerability (CVE-2026-53438)
WordPress Plugin CWIS-Antivirus Security Scanner Unspecified Vulnerability (2.3.2)
MediaWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-0364)