CVE-2021-43940Uncontrolled Search Path Element in Atlassian Confluence Data Center

CWE-427Uncontrolled Search Path Element3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 63.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Atlassian Confluence Data CenterAtlassian Confluence Server
Timeline
PublishedFeb 15
Latest updateFeb 16

Description

Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

CVEListV5atlassian/confluence_data_centerunspecified7.4.10+2
NVDatlassian/confluence_data_center7.5.07.12.3+1
CVEListV5atlassian/confluence_serverunspecified7.4.10+2
NVDatlassian/confluence_server7.5.07.12.3+1

🔴Vulnerability Details

2
GHSA
GHSA-fv2j-f74f-8cgr: Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local syste2022-02-16
CVEList
CVE-2021-43940: Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local syste2022-02-15
CVE-2021-43940 — Uncontrolled Search Path Element | cvebase