cvelistv5 - CVE-2021-26084

CVE-2021-26084 (GCVE-0-2021-26084)

Vulnerability from cvelistv5

Published

2021-08-30 06:30

Modified

2025-10-21 23:25

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Remote Code Execution

Summary

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

References

URL

Tags

security@atlassian.com	http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html	Exploit, Third Party Advisory, VDB Entry
security@atlassian.com	https://jira.atlassian.com/browse/CONFSERVER-67940	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://jira.atlassian.com/browse/CONFSERVER-67940	Issue Tracking, Patch, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26084	US Government Resource

Impacted products

Vendor

Product

Version

Atlassian

Confluence Server

Version: unspecified   < 6.13.23
Version: 6.14.0   < unspecified
Version: unspecified   < 7.4.11
Version: 7.5.0   < unspecified
Version: unspecified   < 7.11.6
Version: 7.12.0   < unspecified
Version: unspecified   < 7.12.5

Atlassian

Confluence Data Center

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2021-11-03

Due date: 2021-11-17

Required action: Apply updates per vendor instructions.

Used in ransomware: Known

Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-26084

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:19:19.592Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-67940"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-26084",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "rapid"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-24T03:55:33.630835Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26084"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-917",
                "description": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:25:35.945Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26084"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2021-11-03T00:00:00+00:00",
            "value": "CVE-2021-26084 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "6.13.23",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.4.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.11.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.12.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.12.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "6.13.23",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.4.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.11.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.12.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.12.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-08-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-08T17:06:12.000Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CONFSERVER-67940"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2021-08-10T00:00:00",
          "ID": "CVE-2021-26084",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Confluence Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.13.23"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.11"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.11.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.12.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.12.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Confluence Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.13.23"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.11"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.11.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.12.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.12.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-67940",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CONFSERVER-67940"
            },
            {
              "name": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2021-26084",
    "datePublished": "2021-08-30T06:30:14.248Z",
    "dateReserved": "2021-01-25T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:25:35.945Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2021-26084",
      "cwes": "[\"CWE-917\"]",
      "dateAdded": "2021-11-03",
      "dueDate": "2021-11-17",
      "knownRansomwareCampaignUse": "Known",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2021-26084",
      "product": "Confluence Server and Data Center",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute code.",
      "vendorProject": "Atlassian",
      "vulnerabilityName": "Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-26084\",\"sourceIdentifier\":\"security@atlassian.com\",\"published\":\"2021-08-30T07:15:06.587\",\"lastModified\":\"2025-10-24T13:38:44.590\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.\"},{\"lang\":\"es\",\"value\":\"En las versiones afectadas de Confluence Server y Data Center, se presenta una vulnerabilidad de inyecci\u00f3n OGNL que permitir\u00eda a un usuario no autenticado ejecutar c\u00f3digo arbitrario en una instancia de Confluence Server o Data Center. Las versiones afectadas son las versiones anteriores a 6.13.23, desde versiones 6.14.0 anteriores a 7.4.11, desde versiones 7.5.0 anteriores a 7.11.6 y desde versiones 7.12.0 anteriores a 7.12.5.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2021-11-17\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-917\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-917\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.13.23\",\"matchCriteriaId\":\"6A28735F-4827-4410-8B0B-C209ECD21DFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.14.0\",\"versionEndExcluding\":\"7.4.11\",\"matchCriteriaId\":\"FA5224DF-97AB-4D8E-B66D-FC65A1333531\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.5.0\",\"versionEndExcluding\":\"7.11.6\",\"matchCriteriaId\":\"E776BF66-74F1-4D8E-9099-42A4E5EEE300\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.12.0\",\"versionEndExcluding\":\"7.12.5\",\"matchCriteriaId\":\"E11303D6-258F-4FAC-A868-BF506E7F5A4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.13.23\",\"matchCriteriaId\":\"6D1FF67F-3FB4-4C0C-8263-3D4CA00A02CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.14.0\",\"versionEndExcluding\":\"7.4.11\",\"matchCriteriaId\":\"F5CCD4D0-6BC7-442A-9D4D-43841FE40F3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.5.0\",\"versionEndExcluding\":\"7.11.6\",\"matchCriteriaId\":\"DF59072C-9911-4035-A75A-27D882988919\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.12.0\",\"versionEndExcluding\":\"7.12.5\",\"matchCriteriaId\":\"BFEE2534-EBEF-438B-B616-ED4FFBC9246E\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html\",\"source\":\"security@atlassian.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://jira.atlassian.com/browse/CONFSERVER-67940\",\"source\":\"security@atlassian.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://jira.atlassian.com/browse/CONFSERVER-67940\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26084\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://jira.atlassian.com/browse/CONFSERVER-67940\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T20:19:19.592Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-26084\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"rapid\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-24T03:55:33.630835Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-11-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26084\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2021-11-03T00:00:00+00:00\", \"value\": \"CVE-2021-26084 added to CISA KEV\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-917\", \"description\": \"CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T14:48:14.220Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Atlassian\", \"product\": \"Confluence Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"6.13.23\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.14.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.4.11\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.5.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.11.6\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.12.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.12.5\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Atlassian\", \"product\": \"Confluence Data Center\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"6.13.23\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"6.14.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.4.11\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.5.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.11.6\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.12.0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"7.12.5\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2021-08-10T00:00:00.000Z\", \"references\": [{\"url\": \"https://jira.atlassian.com/browse/CONFSERVER-67940\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Remote Code Execution\"}]}], \"providerMetadata\": {\"orgId\": \"f08a6ab8-ed46-4c22-8884-d911ccfe3c66\", \"shortName\": \"atlassian\", \"dateUpdated\": \"2022-06-08T17:06:12.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"6.13.23\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"6.14.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.4.11\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.5.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.11.6\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.12.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.12.5\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"Confluence Server\"}, {\"version\": {\"version_data\": [{\"version_value\": \"6.13.23\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"6.14.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.4.11\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.5.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.11.6\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"7.12.0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"7.12.5\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"Confluence Data Center\"}]}, \"vendor_name\": \"Atlassian\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://jira.atlassian.com/browse/CONFSERVER-67940\", \"name\": \"https://jira.atlassian.com/browse/CONFSERVER-67940\", \"refsource\": \"MISC\"}, {\"url\": \"http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html\", \"name\": \"http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Remote Code Execution\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-26084\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"security@atlassian.com\", \"DATE_PUBLIC\": \"2021-08-10T00:00:00\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-26084\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-30T01:38:02.460Z\", \"dateReserved\": \"2021-01-25T00:00:00.000Z\", \"assignerOrgId\": \"f08a6ab8-ed46-4c22-8884-d911ccfe3c66\", \"datePublished\": \"2021-08-30T06:30:14.248Z\", \"assignerShortName\": \"atlassian\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2021-AVI-677

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Atlassian Confluence Server et Data Center. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

La vulnérabilité CVE-2021-26084 est activement exploitée. De plus, des codes d'exploitation sont disponibles publiquement sur Internet.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Atlassian	Confluence	Atlassian Confluence Server et Data Center versions 7.12.x antérieures à 7.12.5
Atlassian	Confluence	Atlassian Confluence Server et Data Center versions antérieures à 6.13.23
Atlassian	Confluence	Atlassian Confluence Server et Data Center versions 7.5.x à 7.11.x antérieures à 7.11.6
Atlassian	Confluence	Atlassian Confluence Server et Data Center versions 6.14.x à 7.4.x antérieures à 7.4.11

References

Title

Publication Time

Tags

Bulletin de sécurité Atlassian CVE-2021-26084 du 25 août 2021	None	vendor-advisory
Bulletin de sécurité Atlassian CONFSERVER-67893 du 29 juillet 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Atlassian Confluence Server et Data Center versions 7.12.x ant\u00e9rieures \u00e0 7.12.5",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Atlassian Confluence Server et Data Center versions ant\u00e9rieures \u00e0 6.13.23",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Atlassian Confluence Server et Data Center versions 7.5.x \u00e0 7.11.x ant\u00e9rieures \u00e0 7.11.6",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Atlassian Confluence Server et Data Center versions 6.14.x \u00e0 7.4.x ant\u00e9rieures \u00e0 7.4.11",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-26084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26084"
    },
    {
      "name": "CVE-2021-26085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26085"
    }
  ],
  "initial_release_date": "2021-09-06T00:00:00",
  "last_revision_date": "2021-09-06T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-677",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-09-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Atlassian\nConfluence Server et Data Center. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n\nLa vuln\u00e9rabilit\u00e9 CVE-2021-26084 est activement exploit\u00e9e. De plus, des\ncodes d\u0027exploitation sont disponibles publiquement sur Internet.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Atlassian Confluence Server et Data Center",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CVE-2021-26084 du 25 ao\u00fbt 2021",
      "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-67893 du 29 juillet 2021",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-67893"
    }
  ]
}

gsd-2021-26084

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2021-26084

Aliases

CVE-2021-26084

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-26084",
    "description": "In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.",
    "id": "GSD-2021-26084",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2021-26084"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-26084"
      ],
      "details": "In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.",
      "id": "GSD-2021-26084",
      "modified": "2023-12-13T01:23:33.885294Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2021-26084",
      "dateAdded": "2021-11-03",
      "dueDate": "2021-11-17",
      "product": "Confluence Server",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Atlassian Confluence Server The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5 contains an OGNL injection vulnerability which allows an attacker to execute arbitrary code.",
      "vendorProject": "Atlassian",
      "vulnerabilityName": "Atlassian Confluence Server \u003c 6.13.23, 6.14.0 - 7.12.5 Arbitrary Code Execution"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@atlassian.com",
        "DATE_PUBLIC": "2021-08-10T00:00:00",
        "ID": "CVE-2021-26084",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Confluence Server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "6.13.23"
                        },
                        {
                          "version_affected": "\u003e=",
                          "version_value": "6.14.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "7.4.11"
                        },
                        {
                          "version_affected": "\u003e=",
                          "version_value": "7.5.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "7.11.6"
                        },
                        {
                          "version_affected": "\u003e=",
                          "version_value": "7.12.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "7.12.5"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Confluence Data Center",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "6.13.23"
                        },
                        {
                          "version_affected": "\u003e=",
                          "version_value": "6.14.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "7.4.11"
                        },
                        {
                          "version_affected": "\u003e=",
                          "version_value": "7.5.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "7.11.6"
                        },
                        {
                          "version_affected": "\u003e=",
                          "version_value": "7.12.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "7.12.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Atlassian"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://jira.atlassian.com/browse/CONFSERVER-67940",
            "refsource": "MISC",
            "url": "https://jira.atlassian.com/browse/CONFSERVER-67940"
          },
          {
            "name": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.12.5",
                "versionStartIncluding": "7.12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.12.5",
                "versionStartIncluding": "7.12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.11.6",
                "versionStartIncluding": "7.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.4.11",
                "versionStartIncluding": "6.14.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.13.23",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.4.11",
                "versionStartIncluding": "6.14.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.11.6",
                "versionStartIncluding": "7.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.13.23",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "ID": "CVE-2021-26084"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-74"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-67940",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://jira.atlassian.com/browse/CONFSERVER-67940"
            },
            {
              "name": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-06-10T14:26Z",
      "publishedDate": "2021-08-30T07:15Z"
    }
  }
}

CERTFR-2021-ALE-018

Vulnerability from certfr_alerte

Le 25 août 2021, Atlassian a publié un avis de sécurité alertant de l'existence d'une vulnérabilité affectant la solution de travail collaboratif Confluence, référencée CVE-2021-26084.

L'éditeur, ainsi que plusieurs autres sources, indiquent que la vulnérabilité CVE-2021-26084, qui permet à un attaquant non authentifié d'exécuter du code arbitraire à distance, est activement exploitée. Le 3 septembre 2021, l'éditeur confirme par ailleurs que toutes les versions citées ci-dessus sont vulnérables, quelles que soient leurs configurations.

Le CERT-FR a également connaissance de campagnes d'identification de serveurs Confluence exposés sur Internet. De plus, des codes d'exploitation sont disponibles publiquement pour cette vulnérabilité.

Solution

Le CERT-FR recommande très fortement d'appliquer les correctifs sans délai au vu des risques d'exploitation. Dans le cas où la mise à jour ne peut pas être effectuée rapidement, l'éditeur propose un contournement temporaire (*).

Le CERT-FR rappelle également que ce type de service ne devrait pas être exposé sur Internet [1].

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

(*) La mise à jour d’un produit ou d’un logiciel est une opération délicate qui doit être menée avec prudence. Il est notamment recommandé d’effectuer des tests autant que possible. Des dispositions doivent également être prises pour garantir la continuité de service en cas de difficultés lors de l’application des mises à jour comme des correctifs ou des changements de version.

Impacted products

Vendor	Product	Description
Atlassian	Confluence	Atlassian Confluence Server et Data Center versions 7.12.x antérieures à 7.12.5
Atlassian	Confluence	Atlassian Confluence Server et Data Center versions antérieures à 6.13.23
Atlassian	Confluence	Atlassian Confluence Server et Data Center versions 7.5.x à 7.11.x antérieures à 7.11.6
Atlassian	Confluence	Atlassian Confluence Server et Data Center versions 6.14.x à 7.4.x antérieures à 7.4.11

References

Title

Publication Time

Tags

Bulletin de sécurité Atlassian CVE-2021-26084	2021-08-25	vendor-advisory
Avis CERT-FR CERTFR-2021-AVI-677 du 06 septembre 2021	-	other
[1] Guide ANSSI sur le nomadisme numérique	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Atlassian Confluence Server et Data Center versions 7.12.x ant\u00e9rieures \u00e0 7.12.5",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Atlassian Confluence Server et Data Center versions ant\u00e9rieures \u00e0 6.13.23",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Atlassian Confluence Server et Data Center versions 7.5.x \u00e0 7.11.x ant\u00e9rieures \u00e0 7.11.6",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Atlassian Confluence Server et Data Center versions 6.14.x \u00e0 7.4.x ant\u00e9rieures \u00e0 7.4.11",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "closed_at": "2022-01-05",
  "content": "## Solution\n\n**Le CERT-FR recommande tr\u00e8s fortement d\u0027appliquer les correctifs sans\nd\u00e9lai au vu des risques d\u0027exploitation.** Dans le cas o\u00f9 la mise \u00e0 jour\nne peut pas \u00eatre effectu\u00e9e rapidement, l\u0027\u00e9diteur propose un\ncontournement temporaire (\\*).\n\n**Le CERT-FR rappelle \u00e9galement que ce type de service ne devrait pas\n\u00eatre expos\u00e9 sur Internet \\[1\\].**\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n------------------------------------------------------------------------\n\n(\\*) La mise \u00e0 jour d\u2019un produit ou d\u2019un logiciel est une op\u00e9ration\nd\u00e9licate qui doit \u00eatre men\u00e9e avec prudence. Il est notamment recommand\u00e9\nd\u2019effectuer des tests autant que possible. Des dispositions doivent\n\u00e9galement \u00eatre prises pour garantir la continuit\u00e9 de service en cas de\ndifficult\u00e9s lors de l\u2019application des mises \u00e0 jour comme des correctifs\nou des changements de version.\n",
  "cves": [
    {
      "name": "CVE-2021-26084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26084"
    }
  ],
  "initial_release_date": "2021-09-06T00:00:00",
  "last_revision_date": "2022-01-05T00:00:00",
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2021-AVI-677 du 06 septembre 2021",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-677/"
    },
    {
      "title": "[1] Guide ANSSI sur le nomadisme num\u00e9rique",
      "url": "https://www.ssi.gouv.fr/guide/recommandations-sur-le-nomadisme-numerique/"
    }
  ],
  "reference": "CERTFR-2021-ALE-018",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-09-06T00:00:00.000000"
    },
    {
      "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
      "revision_date": "2022-01-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Le 25 ao\u00fbt 2021, Atlassian a publi\u00e9 un avis de s\u00e9curit\u00e9 alertant de\nl\u0027existence d\u0027une vuln\u00e9rabilit\u00e9 affectant la solution de travail\ncollaboratif Confluence, r\u00e9f\u00e9renc\u00e9e CVE-2021-26084.\n\nL\u0027\u00e9diteur, ainsi que plusieurs autres sources, indiquent que la\nvuln\u00e9rabilit\u00e9 CVE-2021-26084, qui permet \u00e0 un attaquant non authentifi\u00e9\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance, est activement exploit\u00e9e. Le 3\nseptembre 2021, l\u0027\u00e9diteur confirme par ailleurs que toutes les versions\ncit\u00e9es ci-dessus sont vuln\u00e9rables, quelles que soient leurs\nconfigurations.\n\nLe CERT-FR a \u00e9galement connaissance de campagnes d\u0027identification de\nserveurs Confluence expos\u00e9s sur Internet. De plus, des codes\nd\u0027exploitation sont disponibles publiquement pour cette vuln\u00e9rabilit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Atlassian Confluence Server et Data Center",
  "vendor_advisories": [
    {
      "published_at": "2021-08-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CVE-2021-26084",
      "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html"
    }
  ]
}

ghsa-855c-xp53-5fp2

Vulnerability from github

Published

2022-05-24 22:28

Modified

2025-10-22 00:32

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if ‘Allow people to sign up to create their account’ is enabled. To check whether this is enabled go to COG > User Management > User Signup Options. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-26084"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-74",
      "CWE-917"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-30T07:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if \u2018Allow people to sign up to create their account\u2019 is enabled. To check whether this is enabled go to COG \u003e User Management \u003e User Signup Options. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.",
  "id": "GHSA-855c-xp53-5fp2",
  "modified": "2025-10-22T00:32:19Z",
  "published": "2022-05-24T22:28:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26084"
    },
    {
      "type": "WEB",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-67940"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26084"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/164013/Confluence-Server-7.12.4-OGNL-Injection-Remote-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/164122/Atlassian-Confluence-WebWork-OGNL-Injection.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2021-26084

Vulnerability from fkie_nvd

Published

2021-08-30 07:15

Modified

2025-10-24 13:38

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@atlassian.com	http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html	Exploit, Third Party Advisory, VDB Entry
security@atlassian.com	https://jira.atlassian.com/browse/CONFSERVER-67940	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://jira.atlassian.com/browse/CONFSERVER-67940	Issue Tracking, Patch, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26084	US Government Resource

Impacted products

Vendor	Product	Version
atlassian	confluence_data_center	*
atlassian	confluence_data_center	*
atlassian	confluence_data_center	*
atlassian	confluence_data_center	*
atlassian	confluence_server	*
atlassian	confluence_server	*
atlassian	confluence_server	*
atlassian	confluence_server	*

JSON

To clipboard

{
  "cisaActionDue": "2021-11-17",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A28735F-4827-4410-8B0B-C209ECD21DFC",
              "versionEndExcluding": "6.13.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5224DF-97AB-4D8E-B66D-FC65A1333531",
              "versionEndExcluding": "7.4.11",
              "versionStartIncluding": "6.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E776BF66-74F1-4D8E-9099-42A4E5EEE300",
              "versionEndExcluding": "7.11.6",
              "versionStartIncluding": "7.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11303D6-258F-4FAC-A868-BF506E7F5A4E",
              "versionEndExcluding": "7.12.5",
              "versionStartIncluding": "7.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D1FF67F-3FB4-4C0C-8263-3D4CA00A02CD",
              "versionEndExcluding": "6.13.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5CCD4D0-6BC7-442A-9D4D-43841FE40F3E",
              "versionEndExcluding": "7.4.11",
              "versionStartIncluding": "6.14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF59072C-9911-4035-A75A-27D882988919",
              "versionEndExcluding": "7.11.6",
              "versionStartIncluding": "7.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFEE2534-EBEF-438B-B616-ED4FFBC9246E",
              "versionEndExcluding": "7.12.5",
              "versionStartIncluding": "7.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5."
    },
    {
      "lang": "es",
      "value": "En las versiones afectadas de Confluence Server y Data Center, se presenta una vulnerabilidad de inyecci\u00f3n OGNL que permitir\u00eda a un usuario no autenticado ejecutar c\u00f3digo arbitrario en una instancia de Confluence Server o Data Center. Las versiones afectadas son las versiones anteriores a 6.13.23, desde versiones 6.14.0 anteriores a 7.4.11, desde versiones 7.5.0 anteriores a 7.11.6 y desde versiones 7.12.0 anteriores a 7.12.5."
    }
  ],
  "id": "CVE-2021-26084",
  "lastModified": "2025-10-24T13:38:44.590",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-08-30T07:15:06.587",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-67940"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/CONFSERVER-67940"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26084"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-917"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-917"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2021-26084 (GCVE-0-2021-26084)

Vulnerability from cvelistv5

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

CERTFR-2021-AVI-677

Vulnerability from certfr_avis

Solution

gsd-2021-26084

Vulnerability from gsd

CERTFR-2021-ALE-018

Vulnerability from certfr_alerte

Solution

ghsa-855c-xp53-5fp2

Vulnerability from github

fkie_cve-2021-26084

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature