CVE-2020-29450 — Unrestricted File Upload in Atlassian Confluence Server

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.7%

top 27.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Confluence Server Atlassian Confluence Data Center

Timeline

PublishedJan 19

Latest updateMay 24

Description

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDatlassian/confluence_data_center< 7.2.0

▶CVEListV5atlassian/confluence_serverunspecified — 7.2.0

▶NVDatlassian/confluence_server< 7.2.0

🔴Vulnerability Details

GHSA

GHSA-5m64-chxv-wxq3: Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Servi↗2022-05-24

▶

CVEList

CVE-2020-29450: Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Servi↗2021-01-19

▶