PT-2023-7509 · Atlassian · Confluence

Lukasz Lenart · Published 2023-09-13 · Updated 2024-02-20 · CVE-2023-41835

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Apache Struts versions prior to 2.5.32
Apache Struts versions prior to 6.1.2.2
Apache Struts versions prior to 6.3.0.1
Confluence Data Center versions from 7.17.0 to 8.8.0 (excluding 8.8.0)
Confluence Data Center versions from 8.0.0 to 8.0.4
Confluence Data Center versions from 8.1.0 to 8.1.4
Confluence Data Center versions from 8.2.0 to 8.2.3
Confluence Data Center versions from 8.3.0 to 8.3.4
Confluence Data Center versions from 8.4.0 to 8.4.5
Confluence Data Center versions from 8.5.0 to 8.5.4
Confluence Data Center versions from 8.6.0 to 8.6.1
Confluence Data Center versions from 8.7.0 to 8.7.1
Confluence Server versions from 7.17.0 to 8.5.4
Confluence Server versions from 8.0.0 to 8.0.4
Confluence Server versions from 8.1.0 to 8.1.4
Confluence Server versions from 8.2.0 to 8.2.3
Confluence Server versions from 8.3.0 to 8.3.4
Confluence Server versions from 8.4.0 to 8.4.5
Description

When a multipart request is performed but some of its fields exceed the maxStringLength limit, the request is denied, yet the uploaded files remain in struts.multipart.saveDir instead of being cleaned up. An unauthenticated attacker may be able to exploit this against a susceptible environment; the impact is to availability only (no impact to confidentiality, no impact to integrity, high impact to availability).
Recommendations

Upgrade Apache Struts to version 2.5.32 or greater.
Upgrade Apache Struts to version 6.1.2.2 or greater.
Upgrade Apache Struts to version 6.3.0.1 or greater.
Upgrade Confluence Data Center to version 8.8.0 or greater.
Upgrade Confluence Data Center to version 8.5.6 LTS or greater.
Upgrade Confluence Server to version 8.5.6 LTS or greater.

As a temporary workaround, consider restricting access to the struts.multipart.saveDir directory to minimize the risk of exploitation.
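The upgrade is the fix. Until it is applied, an operator also wants to know whether orphaned upload files are accumulating in struts.multipart.saveDir and to be able to reclaim the space safely. The following sweeper is an added example written for this advisory; it is not code from Apache Struts, Atlassian or the advisory author. It assumes the save directory path and the upload file-name prefix ("upload_") are configured by the operator, reports files older than a chosen age, and deletes them only when asked, leaving recent files (which may belong to an in-flight request) and unrelated files untouched. The demo directory it builds is constructed for illustration.

```python
"""Housekeeping sweep for a Struts multipart save directory (added example).

CVE-2023-41835 leaves upload files in struts.multipart.saveDir when a
multipart request is rejected because a field exceeds maxStringLength.
Upgrading Struts is the fix; this sweeper is a compensating control that
reports (and optionally deletes) orphaned upload files so the directory
cannot fill the disk while the upgrade is scheduled.  The directory path,
the "upload_" file-name prefix and the demo layout are assumptions.
"""
from __future__ import annotations

import os
import tempfile
import time
from dataclasses import dataclass, field
from pathlib import Path


@dataclass
class SweepReport:
    stale: list[Path] = field(default_factory=list)    # files older than max_age
    removed: list[Path] = field(default_factory=list)  # subset actually deleted
    bytes_reclaimable: int = 0                         # total size of stale files


def sweep_stale_uploads(save_dir: str | os.PathLike, max_age_seconds: int,
                        *, delete: bool = False, prefix: str = "upload_",
                        now: float | None = None) -> SweepReport:
    """Find (and optionally delete) upload temp files older than max_age_seconds.

    Only regular files directly inside save_dir whose name starts with
    `prefix` are considered, so unrelated files in a shared temp dir are
    left alone.  Symlinks are skipped so the sweep never follows one
    outside the directory.
    """
    now = time.time() if now is None else now
    report = SweepReport()
    with os.scandir(Path(save_dir)) as entries:
        for entry in entries:
            if entry.is_symlink() or not entry.is_file(follow_symlinks=False):
                continue
            if not entry.name.startswith(prefix):
                continue
            st = entry.stat(follow_symlinks=False)
            if now - st.st_mtime < max_age_seconds:
                continue  # recent: may belong to a request still being processed
            path = Path(entry.path)
            report.stale.append(path)
            report.bytes_reclaimable += st.st_size
            if delete:
                path.unlink()
                report.removed.append(path)
    return report


def build_demo_dir(now: float) -> str:
    """Construct a demo save directory: two stale orphans, one fresh upload,
    and one unrelated file that the sweeper must not touch."""
    d = tempfile.mkdtemp(prefix="struts-savedir-demo-")
    layout = {
        "upload_1a2b.tmp": (b"x" * 1024, now - 3 * 3600),  # 3 h old -> stale
        "upload_3c4d.tmp": (b"y" * 512, now - 2 * 3600),   # 2 h old -> stale
        "upload_5e6f.tmp": (b"z" * 256, now - 60),         # 1 min old -> keep
        "notes.txt": (b"unrelated", now - 9 * 3600),       # wrong prefix -> keep
    }
    for name, (data, mtime) in layout.items():
        p = Path(d, name)
        p.write_bytes(data)
        os.utime(p, (mtime, mtime))
    return d


if __name__ == "__main__":
    now = time.time()
    demo = build_demo_dir(now)
    dry = sweep_stale_uploads(demo, max_age_seconds=3600, now=now)
    print(f"dry run: {len(dry.stale)} stale files, {dry.bytes_reclaimable} bytes reclaimable")
    real = sweep_stale_uploads(demo, max_age_seconds=3600, delete=True, now=now)
    print("removed:", [p.name for p in real.removed])
```

Run it first without `delete=True` and feed the stale count into monitoring: a rising number of orphans after the rejected-request pattern is a usable signal that the endpoint is being hit, and the age threshold should be comfortably longer than the longest legitimate multipart request the application handles.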

Related Identifiers

BDU:2023-08554
CVE-2023-41835
GHSA-729Q-FCGP-R5XH

Affected Products

Apache Struts
Confluence