CVE-2021-26085
Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability
Public Exploits: 4
Exploited in Wild: Yes
Descriptions
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.
Atlassian Confluence Server version 7.5.1 suffers from a pre-authorization arbitrary file read vulnerability.
Timeline
- 2021-01-25 CVE Reserved
- 2021-08-03 CVE Published
- 2021-10-05 First Exploit
- 2022-03-28 Exploited in Wild
- 2022-04-18 KEV Due Date
- 2024-09-17 CVE Updated
- 2024-11-19 EPSS Updated
CWE
- CWE-425: Direct Request ('Forced Browsing')
References (5)
URL | Date |
---|---|
https://www.exploit-db.com/exploits/50377 | 2021-10-05 |
https://github.com/ColdFusionX/CVE-2021-26085 | 2021-10-12 |
https://github.com/zeroc00I/CVE-2021-26085 | 2021-10-06 |
http://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.html | 2024-09-17 |
https://jira.atlassian.com/browse/CONFSERVER-67893 | 2023-08-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Atlassian | Confluence Data Center | < 7.4.10 | - | Affected |
Atlassian | Confluence Data Center | >= 7.5.0 < 7.12.3 | - | Affected |
Atlassian | Confluence Server | < 7.4.10 | - | Affected |
Atlassian | Confluence Server | >= 7.5.0 < 7.12.3 | - | Affected |