CVE-2021-26085
Published on: 08/02/2021 12:00:00 AM UTC
Last Modified on: 01/01/2022 05:55:00 PM UTC
Certain versions of Confluence from Atlassian contain the following vulnerability:
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.
- CVE-2021-26085 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.3 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | NONE |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | LOW | NONE | NONE |
CVSS2 Score: 5 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | LOW | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | NONE | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Atlassian Confluence Server 7.5.1 Arbitrary File Read ≈ Packet Storm | packetstormsecurity.com text/html |
![]() |
[CONFSERVER-67893] Pre-Authorization Arbitrary File Read in /s/ endpoint - CVE-2021-26085 - Create and track feature requests for Atlassian products. | jira.atlassian.com text/html |
![]() |
Related QID Numbers
Exploit/POC from Github
Atlassian Confluence Server 7.5.1 Pre-Authorization Arbitrary File Read vulnerability (CVE-2021-26085)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Atlassian | Confluence | All | All | All | All |
- cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2021-26085 : Affected versions of #Atlassian Confluence Server allow remote attackers to view restricted resour… twitter.com/i/web/status/1… | 2021-08-03 00:04:50 |