1. Home
  2. CVE Database
  3. CVE-2023-22503
MEDIUM · 5.3

CVE-2023-22503

Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Informat...

Vulnerability Description

Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team. The affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
AtlassianConfluence Data Center< 7.13.15
AtlassianConfluence Server< 7.13.15

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2023-22503?

CVE-2023-22503 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Informat...

How severe is CVE-2023-22503?

CVE-2023-22503 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-22503?

Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Confluence Data Center, Atlassian Confluence Server.