In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html | Exploit Third Party Advisory VDB Entry |
https://jira.atlassian.com/browse/CONFSERVER-67940 | Issue Tracking Patch Vendor Advisory |
http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html | Exploit Third Party Advisory VDB Entry |
https://jira.atlassian.com/browse/CONFSERVER-67940 | Issue Tracking Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:55
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://jira.atlassian.com/browse/CONFSERVER-67940 - Issue Tracking, Patch, Vendor Advisory |
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-917 |
Information
Published : 2021-08-30 07:15
Updated : 2024-11-21 05:55
NVD link : CVE-2021-26084
Mitre link : CVE-2021-26084
CVE.ORG link : CVE-2021-26084
JSON object : View
Products Affected
atlassian
- confluence_data_center
- confluence_server
CWE
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')