CVE-2021-26084

Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

Act

*SSVC

Descriptions

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

En las versiones afectadas de Confluence Server y Data Center, se presenta una vulnerabilidad de inyección OGNL que permitiría a un usuario no autenticado ejecutar código arbitrario en una instancia de Confluence Server o Data Center. Las versiones afectadas son las versiones anteriores a 6.13.23, desde versiones 6.14.0 anteriores a 7.4.11, desde versiones 7.5.0 anteriores a 7.11.6 y desde versiones 7.12.0 anteriores a 7.12.5.

Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute code.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Act

Exploitation

Active

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2021-01-25 CVE Reserved
2021-08-30 CVE Published
2021-09-01 First Exploit
2021-11-03 Exploited in Wild
2021-11-17 KEV Due Date
2025-02-04 CVE Updated
2025-03-18 EPSS Updated

CWE

CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CAPEC

References (52)

URL	Tag	Source
https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
https://attackerkb.com/topics/Eu74wdMbEL/cve-2021-26084-confluence-server-ognl-injection/rapid7-analysis
https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md
https://testbnull.medium.com/atlassian-confluence-pre-auth-rce-cve-2021-26084-v%C3%A0-c%C3%A2u-chuy%E1%BB%87n-v%E1%BB%81-%C4%91i%E1%BB%83m-m%C3%B9-khi-t%C3%ACm-bug-43ab36b6c455
https://tradahacking.vn/atlassian-confluence-cve-2021-26084-the-other-side-of-bug-bounty-45ed19c814f6

URL	Date	SRC
https://packetstorm.news/files/id/164122	2021-09-10
https://packetstorm.news/files/id/167449	2022-06-08
https://packetstorm.news/files/id/164013	2021-09-01
https://www.exploit-db.com/exploits/50243	2021-09-01
https://github.com/0xf4n9x/CVE-2021-26084	2022-02-10
https://github.com/dinhbaouit/CVE-2021-26084	2021-09-01
https://github.com/1ZRR4H/CVE-2021-26084	2021-09-07
https://github.com/dorkerdevil/CVE-2021-26084	2022-01-11
https://github.com/crowsec-edtech/CVE-2021-26084	2021-09-01
https://github.com/taythebot/CVE-2021-26084	2021-09-08
https://github.com/lleavesl/CVE-2021-26084	2021-10-27
https://github.com/CrackerCat/CVE-2021-26084	2021-09-01
https://github.com/Loneyers/CVE-2021-26084	2021-09-03
https://github.com/b1gw00d/CVE-2021-26084	2021-09-01
https://github.com/JKme/CVE-2021-26084	2021-09-01
https://github.com/orangmuda/CVE-2021-26084	2022-01-27
https://github.com/antx-code/CVE-2021-26084	2022-01-14
https://github.com/smadi0x86/CVE-2021-26084	2023-06-06
https://github.com/p0nymc1/CVE-2021-26084	2021-09-03
https://github.com/wdjcy/CVE-2021-26084	2021-10-02
https://github.com/Jun-5heng/CVE-2021-26084	2022-04-18
https://github.com/maskerTUI/CVE-2021-26084	2021-09-02
https://github.com/nahcusira/CVE-2021-26084	2024-05-06
https://github.com/30579096/Confluence-CVE-2021-26084	2021-09-03
https://github.com/nizar0x1f/CVE-2021-26084-patch-	2021-09-08
https://github.com/vpxuser/CVE-2021-26084-EXP	2023-07-05
https://github.com/kkin77/CVE-2021-26084-Confluence-OGNL	2021-09-06
https://github.com/BeRserKerSec/CVE-2021-26084-Nuclei-template	2021-09-02
https://github.com/Osyanina/westone-CVE-2021-26084-scanner	2021-09-01
https://github.com/alt3kx/CVE-2021-26084_PoC	2024-08-12
https://github.com/hev0x/CVE-2021-26084_Confluence	2024-09-23
https://github.com/prettyrecon/CVE-2021-26084_Confluence	2024-08-12
https://github.com/Vulnmachines/Confluence_CVE-2021-26084	2024-08-12
https://github.com/bcdannyboy/CVE-2021-26084_GoPOC	2024-06-05
https://github.com/smallpiggy/cve-2021-26084-confluence	2021-09-02
https://github.com/Xc1Ym/cve_2021_26084	2021-09-03
https://github.com/wolf1892/confluence-rce-poc	2021-09-04
https://github.com/GlennPegden2/cve-2021-26084-confluence	2023-01-10
https://github.com/toowoxx/docker-confluence-patched	2023-12-05
https://github.com/attacker-codeninja/CVE-2021-26084	2021-09-09
https://github.com/ludy-dev/CVE-2021-26084_PoC	2021-12-01
https://github.com/TheclaMcentire/CVE-2021-26084_Confluence	2024-01-19
https://github.com/quesodipesto/conflucheck	2021-11-24
https://github.com/BBD-YZZ/Confluence-RCE	2024-09-22
https://github.com/ZZ-SOCMAP/CVE-2021-26084	2024-09-19
http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html	2025-02-04

URL	Date	SRC
https://jira.atlassian.com/browse/CONFSERVER-67940	2021-08-25

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Atlassian Search vendor "Atlassian"		Confluence Data Center Search vendor "Atlassian" for product "Confluence Data Center"				< 6.13.23 Search vendor "Atlassian" for product "Confluence Data Center" and version " < 6.13.23"		-		Affected
Atlassian Search vendor "Atlassian"		Confluence Data Center Search vendor "Atlassian" for product "Confluence Data Center"				>= 6.14.0 < 7.4.11 Search vendor "Atlassian" for product "Confluence Data Center" and version " >= 6.14.0 < 7.4.11"		-		Affected
Atlassian Search vendor "Atlassian"		Confluence Data Center Search vendor "Atlassian" for product "Confluence Data Center"				>= 7.5.0 < 7.11.6 Search vendor "Atlassian" for product "Confluence Data Center" and version " >= 7.5.0 < 7.11.6"		-		Affected
Atlassian Search vendor "Atlassian"		Confluence Data Center Search vendor "Atlassian" for product "Confluence Data Center"				>= 7.12.0 < 7.12.5 Search vendor "Atlassian" for product "Confluence Data Center" and version " >= 7.12.0 < 7.12.5"		-		Affected
Atlassian Search vendor "Atlassian"		Confluence Server Search vendor "Atlassian" for product "Confluence Server"				< 6.13.23 Search vendor "Atlassian" for product "Confluence Server" and version " < 6.13.23"		-		Affected
Atlassian Search vendor "Atlassian"		Confluence Server Search vendor "Atlassian" for product "Confluence Server"				>= 6.14.0 < 7.4.11 Search vendor "Atlassian" for product "Confluence Server" and version " >= 6.14.0 < 7.4.11"		-		Affected
Atlassian Search vendor "Atlassian"		Confluence Server Search vendor "Atlassian" for product "Confluence Server"				>= 7.5.0 < 7.11.6 Search vendor "Atlassian" for product "Confluence Server" and version " >= 7.5.0 < 7.11.6"		-		Affected
Atlassian Search vendor "Atlassian"		Confluence Server Search vendor "Atlassian" for product "Confluence Server"				>= 7.12.0 < 7.12.5 Search vendor "Atlassian" for product "Confluence Server" and version " >= 7.12.0 < 7.12.5"		-		Affected