Affected versions of Atlassian Confluence Server allow remote authenticated attackers to view sensitive information in the hidden attachments of custom content on reindexing via an Information Disclosure vulnerability in the search page.

The affected versions are before version 7.13.12, from version 7.14.0 before 7.19.4, and from version 7.20.0 before 8.0.0.

Affected versions:

• version < 7.13.12
• 7.14.0 ≤ version < 7.19.4
• 7.20.0 ≤ version < 8.0.0

Fixed versions:

• 7.13.12
• 7.19.4
• 8.0.0