admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-28 09:10:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
GobyVuls/Atlassian/Confluence/CVE-2021-26084
History
xiaoheihei1107 ff4a2ce593
Add CVE-2021-26084
2021-09-03 14:35:51 +08:00
..
Atlassian_Confluence_RCE_CVE_2021_26084.gif
Add CVE-2021-26084
2021-09-03 14:35:51 +08:00
README.md
Add CVE-2021-26084
2021-09-03 14:35:23 +08:00

README.md

Atlassian Confluence RCE (CVE-2021-26084)

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if Allow people to sign up to create their account is enabled. To check whether this is enabled go to COG > User Management > User Signup Options. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

FOFA query rule: app="ATLASSIAN-Confluence"

Demo

Atlassian_Confluence_RCE_CVE_2021_26084