Description

Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature. The affected versions are before version 7.19.9. This vulnerability was discovered by Rojan Rijal of the Tinder Security Engineering Team.

Remediation

References

CVE-2023-22504

Related Vulnerabilities

WordPress Plugin Print Invoice & Delivery Notes for WooCommerce Cross-Site Request Forgery (4.7.2)

MySQL CVE-2021-2072 Vulnerability (CVE-2021-2072)

WordPress Plugin VIDEO GALLERY 'upload1.php' Arbitrary File Upload (1.3)

WordPress Plugin WooCommerce Affiliate-Coupon Affiliates Cross-Site Request Forgery (4.11.3.3)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.26)

Severity

Medium

Classification

CVE-2023-22504 CWE-434 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities