Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote malicious users to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature. This vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team. The affected versions are before version 7.13.15, from version 7.14.0 prior to 7.19.7, and from version 7.20.0 prior to 8.2.0.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
atlassian confluence data center |
||
atlassian confluence server |