Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-60854

DoS by uploading a lot of data for avatars in Confluence - CVE-2020-29450

    • 3
    • Low
    • CVE-2020-29450

      Affected versions of Atlassian Confluence Server allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature in Confluence.

      The affected versions are before version 7.2.0.

       

      Affected versions:

      • version < 7.2.0

      Fixed versions:

      • 7.2.0  

            [CONFSERVER-60854] DoS by uploading a lot of data for avatars in Confluence - CVE-2020-29450

            AB added a comment -

            This is an independent assessment and you should evaluate its applicability to your own IT environment.

            CVSS v3 score: 3.1 => Low severity

            Exploitability Metrics

            Attack Vector Network
            Attack Complexity High
            Privileges Required Low
            User Interaction None

            Scope Metric

            Scope Unchanged

            Impact Metrics

            Confidentiality None
            Integrity None
            Availability Low

             

            AB added a comment - This is an independent assessment and you should evaluate its applicability to your own IT environment. CVSS v3 score: 3.1 => Low severity Exploitability Metrics Attack Vector Network Attack Complexity High Privileges Required Low User Interaction None Scope Metric Scope Unchanged Impact Metrics Confidentiality None Integrity None Availability Low  

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: