When accessing the Contribution View page insufficient permission checking was occurring which meant that if you knew the url and had the access CiviCRM permission you would be able to view contribution information that you shouldn't have.
All versions less than or equal to: 5.47.1, 5.46.2, 5.45.3
CiviCRM versions 5.47.2, 5.46.3, and 5.45.4 ESR
If you are not on the ESR and haven't yet upgraded to 5.47 upgrade to 5.46.3, if you have upgraded to 5.47 then upgrade to 5.47.2
Bob Silvern of San Diego 350 for reporting the issue
Seamus Lee of JMA Consulting and the Core Team for fixing the issue
security/core#112