vulnerability

Atlassian Confluence: Information Disclosure Vulnerability (CVE-2023-22503)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	05/01/2023	06/26/2024	01/30/2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

05/01/2023

Added

06/26/2024

Modified

01/30/2025

Description

Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature.

This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team.

The affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0.

Solution(s)

atlassian-confluence-upgrade-7_13_15atlassian-confluence-upgrade-7_19_7atlassian-confluence-upgrade-8_2_0

References

CVE-2023-22503
https://attackerkb.com/topics/CVE-2023-22503

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today