CVE-2021-26072
published 2021-04-01CVE-2021-26072: The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
EXPLOIT
The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | confluence_data_center | < 5.8.6 | 5.8.6 |
| atlassian | confluence_data_center | >= unspecified < 5.8.6 | 5.8.6 |
| atlassian | confluence_server | < 5.8.6 | 5.8.6 |
| atlassian | confluence_server | >= unspecified < 5.8.6 | 5.8.6 |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
vulncheck4.3MEDIUM