During an internal security review a security flaw was uncovered where a Confluence user could leverage the Style Sheet macro to gain access to content and user details. We've mitigated this vulnerability by requiring URLs in this macro to be whitelisted via the Confluence whitelist feature. More information can be found in our documentation.
This vulnerability effects all previous versions of the app.
This vulnerability has been rated as high, according to the scale published on the Common Vulnerability Scoring System(CVSS).
Based on our investigations, we have not found any instances of this vulnerability being exploited.
We recommend upgrading to Content Formatting version 6.4.1 or higher as soon as possible. If you are unable to upgrade at this time we recommend disabling the Style Sheet macro module in the Content Formatting App section of the Confluence Apps menu.