Confluence Info Disclosure via Macro Preview (v<7.13.15, <7.19.7, <8.2)
CVE-2023-22503 Published on May 1, 2023
Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team. The affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2023-22503 has been classified as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2023-22503
Affected Versions
Atlassian Confluence Data Center:
- Version < 7.20.2 is unaffected.
- Version >= 7.20.2 is affected.
- Version >= 7.13.5 is unaffected.
- Version >= 7.19.7 is unaffected.
- Version >= 8.20.0 is unaffected.
- Before 7.13.15 is affected.
- Version 7.14.0 and below 7.19.7 is affected.
- Version 7.20.0 and below 8.2.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.