Atlassian Confluence Server Remote Attachment Upload via BAC
CVE-2023-22504 Published on May 25, 2023

Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature.

NVD

Products Associated with CVE-2023-22504

Want to know whenever a new CVE is published for Atlassian Confluence? stack.watch will email you.

Atlassian Confluence

Affected Versions

Atlassian Confluence Data Center:

Version < 1.1.2 is unaffected.
Version >= 1.1.2 is affected.
Version >= 7.14.0 is affected.
Version >= 7.20.0 is affected.
Version >= 7.13.7 is unaffected.
Version >= 7.19.9 is unaffected.
Version >= 8.2.2 is unaffected.
Version >= 8.3.0 is unaffected.

Atlassian Confluence Server:

Version < 1.1.2 is unaffected.
Version >= 1.1.2 is affected.
Version >= 7.14.0 is affected.
Version >= 7.20.0 is affected.
Version >= 7.13.7 is unaffected.
Version >= 7.19.9 is unaffected.
Version >= 8.2.2 is unaffected.
Version >= 8.3.0 is unaffected.

Exploit Probability

EPSS

0.19%

Percentile

40.22%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Atlassian Confluence Server Remote Attachment Upload via BACCVE-2023-22504 Published on May 25, 2023

Products Associated with CVE-2023-22504

Affected Versions

Exploit Probability

Atlassian Confluence Server Remote Attachment Upload via BAC
CVE-2023-22504 Published on May 25, 2023