vulnerability

Atlassian Confluence: Information Disclosure Vulnerability (CVE-2023-22503)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	May 1, 2023	Jun 26, 2024	Jan 30, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

May 1, 2023

Added

Jun 26, 2024

Modified

Jan 30, 2025

Description

Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature.

This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team.

The affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0.

Solutions

atlassian-confluence-upgrade-7_13_15atlassian-confluence-upgrade-7_19_7atlassian-confluence-upgrade-8_2_0

References

CVE-2023-22503
https://attackerkb.com/topics/CVE-2023-22503

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today