CVE-2021-26085
Published 2021-08-03
Medium, 5.3 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
KEV, ITW, EXPLOIT
CISA Known Exploited Vulnerability, due 2022-04-18
Exploited in the wild
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | confluence_data_center | < 7.4.10 | 7.4.10 |
| atlassian | confluence_data_center | >= 7.5.0 < unspecified | unspecified |
| atlassian | confluence_data_center | >= 7.5.0 < 7.12.3 | 7.12.3 |
| atlassian | confluence_data_center | >= unspecified < 7.4.10 | 7.4.10 |
| atlassian | confluence_data_center | >= unspecified < 7.12.3 | 7.12.3 |
| atlassian | confluence_server | < 7.4.10 | 7.4.10 |
| atlassian | confluence_server | >= 7.5.0 < unspecified | unspecified |
| atlassian | confluence_server | >= 7.5.0 < 7.12.3 | 7.12.3 |
| atlassian | confluence_server | >= unspecified < 7.4.10 | 7.4.10 |
| atlassian | confluence_server | >= unspecified < 7.12.3 | 7.12.3 |
CVSS provenance
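| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| vulncheck | | 5.3 | MEDIUM | |
| cisa | | 5.3 | MEDIUM | |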