Description

Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team. The affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0.

Remediation

References

CVE-2023-22503

Related Vulnerabilities

Ruby on Rails Improper Input Validation Vulnerability (CVE-2013-6414)

WordPress Plugin NextGEN Gallery-WordPress Gallery Remote Code Execution (2.1.59)

WordPress Plugin YITH WooCommerce Added to Cart Popup Security Bypass (1.3.11)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-0122)

WordPress Plugin Custom Post Types and Custom Fields creator-WCK Multiple Unspecified Vulnerabilities (1.2.9)

Severity

Medium

Classification

CVE-2023-22503 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities