⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-04-18.

CVE-2021-26085 — Forced Browsing in Atlassian Confluence Data Center

CWE-425 — Forced Browsing CWE-862 — Missing Authorization12 documents9 sources

Severity

5.3MEDIUMNVD

EPSS

94.0%

top 0.11%

CISA KEV

KEVRansomware

Added 2022-03-28

Due 2022-04-18

Exploit

Exploited in wild

Active exploitation observed

Affected products

Atlassian Confluence Data Center Atlassian Confluence Server

Timeline

PublishedAug 3

KEV addedMar 28

KEV dueApr 18

Latest updateMay 24

CISA Required Action: Apply updates per vendor instructions.

Description

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5atlassian/confluence_serverunspecified — 7.4.10+2

▶NVDatlassian/confluence_server7.5.0 — 7.12.3+1

▶CVEListV5atlassian/confluence_data_centerunspecified — 7.4.10+2

▶NVDatlassian/confluence_data_center7.5.0 — 7.12.3+1

🔴Vulnerability Details

GHSA

GHSA-8mjc-qhq2-3xm8: Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulne↗2022-05-24

▶

CVEList

CVE-2021-26085: Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulne↗2021-08-03

▶

VulnCheck

Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability↗2021

▶

💥Exploits & PoCs

Exploit-DB

Atlassian Confluence 7.12.2 - Pre-Authorization Arbitrary File Read↗2021-10-05

▶

Nuclei

Atlassian Confluence Server - Local File Inclusion

▶

🔍Detection Rules

Suricata

ET EXPLOIT Possible Atlassian Confluence Pre-Authorization Arbitrary File Read Attempt (pom.xml) (CVE-2021-26085)↗2021-10-07

▶

Suricata

ET EXPLOIT Possible Atlassian Confluence Pre-Authorization Arbitrary File Read Attempt (web.xml) (CVE-2021-26085)↗2021-10-07

▶

Suricata

ET EXPLOIT Possible Atlassian Confluence Pre-Authorization Arbitrary File Read Attempt (pom.properties) (CVE-2021-26085)↗2021-10-07

▶

Suricata

ET EXPLOIT Possible Atlassian Confluence Pre-Authorization Arbitrary File Read Attempt (seraph-config.xml) (CVE-2021-26085)↗2021-10-07

▶

📋Vendor Advisories

CISA

Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability↗2022-03-28

▶

💬Community

HackerOne

Path Traversal CVE-2021-26086 CVE-2021-26085↗2021-11-05

▶