Affected versions of Table Filter and Charts for Confluence Server allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in Table from CSV macro which could be exploited by providing URL in the CSV URL parameter.
Conditions: CSV source parameter is set to URL and a malicious URL is set in the CSV URL parameter.
When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information.