Description
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.
Remediation
References