[CONFSERVER-60854] DoS by uploading a lot of data for avatars in Confluence - CVE-2020-29450 - Create and track feature requests for Atlassian products.

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 7.2.0
Affects Version/s: 7.1.0
Component/s: None
Labels:

CVSS Score:
3
CVSS Severity:
Low
CVE ID:
CVE-2020-29450

Affected versions of Atlassian Confluence Server allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature in Confluence.

The affected versions are before version 7.2.0.

Affected versions:

version < 7.2.0

Fixed versions:

7.2.0

mentioned in: Page Failed to load

AB added a comment - 07/Jan/2021 4:33 AM

This is an independent assessment and you should evaluate its applicability to your own IT environment.

CVSS v3 score: 3.1 => Low severity

Exploitability Metrics

Attack Vector	Network
Attack Complexity	High
Privileges Required	Low
User Interaction	None

Scope Metric

Scope	Unchanged

Impact Metrics

Confidentiality	None
Integrity	None
Availability	Low

AB added a comment - 07/Jan/2021 4:33 AM This is an independent assessment and you should evaluate its applicability to your own IT environment. CVSS v3 score: 3.1 => Low severity Exploitability Metrics Attack Vector Network Attack Complexity High Privileges Required Low User Interaction None Scope Metric Scope Unchanged Impact Metrics Confidentiality None Integrity None Availability Low

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 06/Jan/2021 11:46 PM

Updated:: 21/Feb/2023 3:41 PM

Resolved:: 19/Jan/2021 12:26 AM

Details

Description

Attachments

Issue Links

Forms

Activity

[CONFSERVER-60854] DoS by uploading a lot of data for avatars in Confluence - CVE-2020-29450

Collapse comment: AB added a comment - 07/Jan/2021 4:33 AM

Expand comment: AB added a comment - 07/Jan/2021 4:33 AM

People

Dates