In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html | Exploit Third Party Advisory VDB Entry |
https://jira.atlassian.com/browse/CONFSERVER-67940 | Issue Tracking Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-917 |
Information
Published : 2021-08-30 07:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-26084
Mitre link : CVE-2021-26084
CVE.ORG link : CVE-2021-26084
JSON object : View
Products Affected
atlassian
- confluence_server
- confluence_data_center
CWE
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')