CVE-2023-22503

MEDIUM

Atlassian Confluence Server/Data Center <7.13.15/7.14.0-7.19.6/7.20.0-8.1.9 - Unauthenticated Info Disclosure

Title source: llm

Description

Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team. The affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0.

References (1)

Core 1

Core References

Issue Tracking, Vendor Advisory

https://jira.atlassian.com/browse/CONFSERVER-82403

Scores

CVSS v3 5.3

EPSS 0.0050

EPSS Percentile 66.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (2)

atlassian/confluence_data_center < 7.13.15

atlassian/confluence_server < 7.13.15

Published May 01, 2023

Tracked Since Feb 18, 2026