CVE-2020-29450

Published: Jan 19, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0.

Affected (2)

Products: Atlassian: Confluence Data Center, Confluence Server

2 products

Confluence Data Center

Confluence Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Atlassian Confluence Data Center	Before 7.2.0
Atlassian Confluence Server	Before 7.2.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://jira.atlassian.com/browse/CONFSERVER-60854

Source: security@atlassian.com

Issue TrackingVendor Advisory

https://jira.atlassian.com/browse/CONFSERVER-60854

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.