-
Public Security Vulnerability
-
Resolution: Fixed
-
Low
-
7.13.0
-
None
-
4.3
-
Medium
-
CVE-2023-22504
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature.
The affected versions are before version 7.13.17, from version 7.14.0 before 7.19.9, and from version 7.20.0 before 8.2.2.
This vulnerability was discovered by Rojan Rijal of the Tinder Security Engineering Team.
Affected versions:
- version < 7.13.17
- 7.14.0 β€ version < 7.19.9
- 7.20.0 β€ version < 8.2.2
Fixed versions:
- 7.13.17
- 7.19.9
- 8.2.2
- 8.3.0
- mentions
-
CSP-316627 You do not have permission to view this issue
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
[CONFSERVER-83218] A user with read permissions to a Confluence page is able to upload attachments - CVE-2023-22504
50e16252c2f5 Yes, that's correct. I've updated the ticket description to confirm this.
I assume because this is listed under Confluence "Server" it applies to both Data Center and Server? Can you please confirm?
This is an independent assessment and you should evaluate its applicability to your own IT environment.
CVSS v3 score: 4.3 => Medium severity
Exploitability Metrics
| Attack Vector | Network |
|---|---|
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
Scope Metric
| Scope | Unchanged |
|---|
Impact Metrics
| Confidentiality | None |
|---|---|
| Integrity | Low |
| Availability | None |
https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
ddb136f454b4 Yes, it's reflected in the attachment's version history as per a normal update.