CVE-2023-22504 - OpenCVE

Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Atlassian	Confluence Server

Configuration 1 [-]

OR	cpe:2.3:a:atlassian:confluence_server::::::::
	cpe:2.3:a:atlassian:confluence_server::::::::
	cpe:2.3:a:atlassian:confluence_server::::::::

No data.

References

Link	Providers
https://jira.atlassian.com/browse/CONFSERVER-83218

History

No history.

MITRE

Status: PUBLISHED

Assigner: atlassian

Published: 2023-05-25T14:00:02.234Z

Updated: 2024-08-02T10:13:48.544Z

Reserved: 2023-01-01T00:01:22.329Z

Link: CVE-2023-22504

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-05-25T14:15:09.877

Modified: 2023-06-07T14:15:09.810

Link: CVE-2023-22504

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-22504", "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "state": "PUBLISHED", "assignerShortName": "atlassian", "dateReserved": "2023-01-01T00:01:22.329Z", "datePublished": "2023-05-25T14:00:02.234Z", "dateUpdated": "2024-08-02T10:13:48.544Z"}, "containers": {"cna": {"affected": [{"vendor": "Atlassian", "product": "Confluence Data Center", "versions": [{"version": "< 1.1.2", "status": "unaffected"}, {"version": ">= 1.1.2", "status": "affected"}, {"version": ">= 7.14.0", "status": "affected"}, {"version": ">= 7.20.0", "status": "affected"}, {"version": ">= 7.13.7", "status": "unaffected"}, {"version": ">= 7.19.9", "status": "unaffected"}, {"version": ">= 8.2.2", "status": "unaffected"}, {"version": ">= 8.3.0", "status": "unaffected"}]}, {"vendor": "Atlassian", "product": "Confluence Server", "versions": [{"version": "< 1.1.2", "status": "unaffected"}, {"version": ">= 1.1.2", "status": "affected"}, {"version": ">= 7.14.0", "status": "affected"}, {"version": ">= 7.20.0", "status": "affected"}, {"version": ">= 7.13.7", "status": "unaffected"}, {"version": ">= 7.19.9", "status": "unaffected"}, {"version": ">= 8.2.2", "status": "unaffected"}, {"version": ">= 8.3.0", "status": "unaffected"}]}], "descriptions": [{"lang": "en", "value": "Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature."}], "problemTypes": [{"descriptions": [{"description": "Improper Authorization", "lang": "en", "type": "Improper Authorization"}]}], "references": [{"url": "https://jira.atlassian.com/browse/CONFSERVER-83218"}], "credits": [{"lang": "en", "value": "This vulnerability was discovered by Rojan Rijal of the Tinder Security Engineering Team."}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian", "dateUpdated": "2023-06-07T14:00:01.151Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:13:48.544Z"}, "title": "CVE Program Container", "references": [{"url": "https://jira.atlassian.com/browse/CONFSERVER-83218", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8212B49-7444-4BC1-8E9D-4FAFE64CA1B5", "versionEndExcluding": "7.13.17", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A47ECCB-A5BC-4160-95CB-4A4C33F3215E", "versionEndExcluding": "7.19.9", "versionStartIncluding": "7.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE4DA184-99BE-4408-BEC9-2B584F6BF1C4", "versionEndExcluding": "8.2.2", "versionStartIncluding": "7.20.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature."}], "id": "CVE-2023-22504", "lastModified": "2023-06-07T14:15:09.810", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@atlassian.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-25T14:15:09.877", "references": [{"source": "security@atlassian.com", "tags": ["Vendor Advisory"], "url": "https://jira.atlassian.com/browse/CONFSERVER-83218"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}