CVE-2023-22503

CVE Database · CVE-2023-22503

CVE-2023-22503

· MEDIUMModified

CVSS v3.1

5.3

EPSS

0.79%

Published

May 1, 2023

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team. The affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-200

Affected Products (6)

atlassian · confluence_data_center (up to 7.13.15)vulnerable

atlassian · confluence_data_center (up to 7.19.7)vulnerable

atlassian · confluence_data_center (up to 8.2.0)vulnerable

atlassian · confluence_server (up to 7.13.15)vulnerable

atlassian · confluence_server (up to 7.19.7)vulnerable

atlassian · confluence_server (up to 8.2.0)vulnerable

References (2)

https://jira.atlassian.com/browse/CONFSERVER-82403

Issue TrackingVendor Advisory

https://jira.atlassian.com/browse/CONFSERVER-82403

Issue TrackingVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs