CVE-2023-22503: Infoleak
First published: Mon May 01 2023(Updated: )
Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team. The affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0.
Credit: security@atlassian.com security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Confluence Data Center | <7.13.15 | |
| Atlassian Confluence Data Center | >=7.14.0<7.19.7 | |
| Atlassian Confluence Data Center | >=7.20.0<8.2.0 | |
| Atlassian Confluence Server | <7.13.15 | |
| Atlassian Confluence Server | >=7.14.0<7.19.7 | |
| Atlassian Confluence Server | >=7.20.0<8.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-22503?
CVE-2023-22503 is an Information Disclosure vulnerability in Atlassian Confluence Server and Data Center that allows anonymous remote attackers to view the names of attachments and labels in a private Confluence space.
How does CVE-2023-22503 impact Atlassian Confluence?
CVE-2023-22503 allows anonymous remote attackers to disclose sensitive information by viewing attachment and label names in a private Confluence space.
Which versions of Atlassian Confluence Server and Data Center are affected by CVE-2023-22503?
Versions up to 7.13.15 of Atlassian Confluence Server and Data Center are affected, as well as versions 7.14.0 to 7.19.7 and versions 7.20.0 to 8.2.0.
What is the severity of CVE-2023-22503?
CVE-2023-22503 has a severity rating of 5.3, which is considered medium.
Is there a fix available for CVE-2023-22503?
Yes, Atlassian has released fixes for CVE-2023-22503. It is recommended to upgrade to a fixed version of Atlassian Confluence Server or Data Center.
- collector/nvd-latest
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/tags
- vendor/atlassian
- canonical/atlassian confluence data center
- version/atlassian confluence data center/7.14.0
- version/atlassian confluence data center/7.20.0
- canonical/atlassian confluence server
- version/atlassian confluence server/7.14.0
- version/atlassian confluence server/7.20.0