QID 150369
Date Published: 2021-10-11
QID 150369: Atlassian Confluence Server Pre-Authorization Arbitrary File Read (CVE-2021-26085)
Confluence is team collaboration software written in Java.
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint.
Affected Versions:
Atlassian Confluence Server versions prior to 7.4.10
Atlassian Confluence Server versions 7.5.0 to 7.12.2
QID Detection Logic (Unauthenticated):
This QID sends an HTTP GET request to the restricted resources "web.xml" and/or "pom.properties" and, based on the response, confirms whether the target is vulnerable.
Successful exploitation of the vulnerability may allow remote attackers to read sensitive files on the target server.
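To make the affected-version ranges and the detection logic above concrete, here is an added defender-side helper (constructed for this note, not Qualys' own QID code): one function decides whether a Confluence Server version string falls into the affected ranges quoted above, and another scans web-server access log lines for requests under the /s/ endpoint that name web.xml or pom.properties, flagging 2xx responses separately from failed attempts. The Common Log Format layout, the sample log lines and the request paths in them are constructed assumptions.

```python
"""Constructed triage helpers for CVE-2021-26085 (Qualys QID 150369):
affected-version check plus access-log detection of /s/ requests for
web.xml or pom.properties. Not the scanner's own detection code."""
import re
from urllib.parse import unquote
from typing import Dict, Iterable, List, Tuple

# Affected ranges exactly as stated in the advisory.
AFFECTED_BELOW = (7, 4, 10)                  # any release older than 7.4.10
AFFECTED_RANGE = ((7, 5, 0), (7, 12, 2))     # 7.5.0 .. 7.12.2 inclusive


def parse_version(version: str) -> Tuple[int, ...]:
    """'7.12.2' -> (7, 12, 2); a non-numeric suffix such as '-rc1' is dropped."""
    parts: List[int] = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    if not parts:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True when the version is in one of the advisory's affected ranges."""
    v = parse_version(version)
    if v < AFFECTED_BELOW:
        return True
    low, high = AFFECTED_RANGE
    return low <= v <= high


# Assumed Common Log Format layout for the constructed sample below.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
SENSITIVE_FILES = ("web.xml", "pom.properties")


def normalize_path(path: str) -> str:
    """Percent-decode (bounded) so an encoded file name does not evade the match."""
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.lower()


def is_suspicious_path(path: str) -> bool:
    """Request under /s/ whose path names one of the restricted files."""
    norm = normalize_path(path.split("?", 1)[0])
    return norm.startswith("/s/") and any(name in norm for name in SENSITIVE_FILES)


def scan_access_log(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Return one record per matching request; 2xx means the file was served."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_suspicious_path(m["path"]):
            continue
        hits.append({
            "ip": m["ip"],
            "ts": m["ts"],
            "path": m["path"],
            "status": m["status"],
            "severity": "likely-read" if m["status"].startswith("2") else "attempt",
        })
    return hits


# Constructed sample log lines (addresses from documentation ranges).
SAMPLE_LOG = [
    '203.0.113.5 - - [11/Oct/2021:10:00:01 +0000] "GET /s/static/web.xml HTTP/1.1" 200 1843',
    '203.0.113.5 - - [11/Oct/2021:10:00:02 +0000] "GET /s/static/pom%2Eproperties HTTP/1.1" 200 212',
    '198.51.100.9 - - [11/Oct/2021:10:00:03 +0000] "GET /login.action HTTP/1.1" 200 5120',
    '203.0.113.5 - - [11/Oct/2021:10:00:04 +0000] "GET /s/other/web.xml HTTP/1.1" 404 318',
]

if __name__ == "__main__":
    for ver in ("7.4.9", "7.4.10", "7.5.0", "7.12.2", "7.12.3", "7.13.0"):
        print(f"{ver:8} affected={is_affected(ver)}")
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit["severity"], hit["ip"], hit["status"], hit["path"])
```

A 2xx on such a request is the signal that the restricted file was actually served, which is what the QID's own GET probe looks for; 4xx records are still worth keeping as evidence of scanning against the instance. Pair the log check with the version check: an instance reported as unaffected by `is_affected` but with `likely-read` hits deserves a closer look at the version string in use.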
- CONFSERVER-67893 - jira.atlassian.com/browse/CONFSERVER-67893
CVEs related to QID 150369
Advisory ID | Software | Component | Link |
---|---|---|---|
CONFSERVER-67893 | Atlassian Confluence Server | | jira.atlassian.com/browse/CONFSERVER-67893 |