CVE-2023-22504
published 2023-05-25CVE-2023-22504: Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNIHAN
Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | confluence_data_center | — | — |
| atlassian | confluence_data_center | — | — |
| atlassian | confluence_data_center | — | — |
| atlassian | confluence_server | < 7.13.17 | 7.13.17 |
| atlassian | confluence_server | — | — |
| atlassian | confluence_server | — | — |
| atlassian | confluence_server | — | — |
| atlassian | confluence_server | >= 7.14.0 < 7.19.9 | 7.19.9 |
| atlassian | confluence_server | >= 7.20.0 < 8.2.2 | 8.2.2 |