Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint.
The affected versions are those before 7.4.10, and those from 7.5.0 up to but not including 7.12.3.
This vulnerability was discovered by Amit Laish, GE Digital, Cyber Security Lab.
Affected version ranges:
- version < 7.4.10
- 7.5.0 ≤ version < 7.12.3
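The two ranges above can be checked against an inventory of Confluence Server versions as follows. This is an added example, not part of the original advisory; the function names, hostnames and sample versions are constructed for illustration. Versions are compared as integer tuples, because a plain string comparison would rank 7.4.9 above 7.4.10.

```python
import re

# Boundaries taken from the affected ranges listed in the advisory.
FIXED_LOW = (7, 4, 10)    # everything below this is affected
RANGE_START = (7, 5, 0)   # second affected range starts here ...
FIXED_HIGH = (7, 12, 3)   # ... and ends just before this release


def parse_version(text):
    """Turn '7.4.10' or '7.12' into a 3-tuple of ints (missing patch = 0)."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def is_affected(version):
    """True if the version falls in either affected range."""
    v = parse_version(version)
    return v < FIXED_LOW or RANGE_START <= v < FIXED_HIGH


def triage(inventory):
    """Sort a {host: version} map into affected / not_affected / unknown."""
    result = {"affected": [], "not_affected": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        try:
            key = "affected" if is_affected(version) else "not_affected"
        except ValueError:
            key = "unknown"  # needs manual review rather than a silent pass
        result[key].append(host)
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "wiki-a.example.internal": "7.4.9",
    "wiki-b.example.internal": "7.4.10",
    "wiki-c.example.internal": "7.4.17",   # in the gap between the two ranges
    "wiki-d.example.internal": "7.5.0",
    "wiki-e.example.internal": "7.12.2",
    "wiki-f.example.internal": "7.12.3",
    "wiki-g.example.internal": "6.13.23",
    "wiki-h.example.internal": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Releases from 7.4.10 up to 7.5.0 fall between the two ranges and are reported as not affected.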