- Public Security Vulnerability
- Resolution: Fixed
- Low
- 7.20.2
- None
- 5.3
- Medium
- CVE-2023-22503
Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature.
This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team.
The affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0.
Affected versions:
- version < 7.13.15
- 7.14.0 ≤ version < 7.19.7
- 7.20.0 ≤ version < 8.2.0
Fixed versions:
- 7.13.15
- 7.19.7
- 8.2.0
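As an added example (not Atlassian's code), the following Python check applies the affected ranges listed above to Confluence version strings. The function names and the sample inventory are assumptions made for illustration. Versions are compared as integer tuples, because plain string comparison would order 7.13.9 after 7.13.15.

```python
import re

# Affected ranges for CVE-2023-22503 as listed in this advisory:
# (inclusive lower bound or None, exclusive upper bound = first fixed release).
AFFECTED_RANGES = [
    (None, (7, 13, 15)),
    ((7, 14, 0), (7, 19, 7)),
    ((7, 20, 0), (8, 2, 0)),
]


def parse_version(text):
    """Parse 'X.Y' or 'X.Y.Z' into a 3-tuple of ints.

    Assumption: only plain numeric versions are accepted; anything else
    (for example a pre-release suffix) raises ValueError so it gets reviewed by hand.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Confluence version: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def first_fixed(version):
    """Return the fixed release that closes the range containing `version`,
    or None when the version is outside every affected range."""
    v = parse_version(version)
    for low, high in AFFECTED_RANGES:
        if (low is None or low <= v) and v < high:
            return ".".join(str(part) for part in high)
    return None


def is_affected(version):
    return first_fixed(version) is not None


def audit(inventory):
    """Map each affected host to the release it should be upgraded to."""
    return {host: first_fixed(ver) for host, ver in inventory.items() if is_affected(ver)}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names).
    sample = {"wiki-a.example.internal": "7.20.2", "wiki-b.example.internal": "7.13.9",
              "wiki-c.example.internal": "7.19.7", "wiki-d.example.internal": "8.2.0"}
    for host, target in sorted(audit(sample).items()):
        print(f"{host}: affected, upgrade to {target} or later")
```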
[CONFSERVER-82403] Information disclosure of names of attachments and labels in a private Confluence space - CVE-2023-22503
Remote Link | New: This issue links to "Page (Confluence)" [ 762220 ] |
CVE ID | New: CVE-2023-22503 |
Summary | Original: Information disclosure of names of attachments and labels in a private Confluence space | New: Information disclosure of names of attachments and labels in a private Confluence space - CVE-2023-22503 |
Labels | Original: advisory advisory-to-release dont-import security | New: advisory advisory-to-release dont-import fixed-versions-published security |
Security | Original: Reporter and Atlassian Staff [ 10751 ] |
Remote Link | New: This issue links to "Page (Confluence)" [ 739303 ] |
Remote Link | New: This issue links to "Page (Confluence)" [ 736629 ] |
Remote Link | New: This issue links to "Page (Confluence)" [ 736438 ] |
Remote Link | New: This issue links to "Page (Confluence)" [ 735472 ] |
Security | New: Reporter and Atlassian Staff [ 10751 ] |