Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint.
The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.
This vulnerability was discovered byΒ Amit Laish, GE Digital, Cyber Security Lab.
Affected versions:
Fixed versions: