QID 150369

Date Published: 2021-10-11

QID 150369: Atlassian Confluence Server Pre-Authorization Arbitrary File Read (CVE-2021-26085)

Confluence is team collaboration software written in Java.

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint.

Affected Versions:
Atlassian Confluence Server versions prior to 7.4.10
Atlassian Confluence Server versions 7.5.0 to 7.12.2

QID Detection Logic (Unauthenticated):
This QID sends an HTTP GET request to the /s/ endpoint for the restricted resources "web.xml" and/or "pom.properties" and, based on the response, confirms whether the target is vulnerable.
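As an added example (not Qualys's detection logic and not part of this advisory), the Python below scans constructed web-server access-log lines for requests to the /s/ endpoint whose last path segment is web.xml or pom.properties, the two files the QID requests, and separates requests that returned 200 from ones that did not. The combined log format, the placeholder paths and the client addresses are assumptions made for the example; the advisory does not state the exact request shape the vulnerability uses, so the check matches only on the facts the advisory gives (the /s/ prefix and the two file names, including percent-encoded spellings) and is a triage aid for existing logs, not a reproduction of the scanner's probe.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample access-log lines in combined format. None of this is
# real traffic, and the request paths are placeholders: the advisory names
# only the /s/ endpoint and the files web.xml and pom.properties, and these
# lines exercise exactly those facts plus a URL-encoded variant.
SAMPLE_LOG = """\
10.0.0.5 - - [11/Oct/2021:10:15:01 +0000] "GET /login.action HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [11/Oct/2021:10:15:07 +0000] "GET /s/1234/web.xml HTTP/1.1" 200 3311 "-" "curl/7.68.0"
10.0.0.9 - - [11/Oct/2021:10:15:08 +0000] "GET /s/1234/pom.properties HTTP/1.1" 404 611 "-" "curl/7.68.0"
10.0.0.9 - - [11/Oct/2021:10:15:09 +0000] "GET /s/1234/web%2Exml HTTP/1.1" 200 3311 "-" "python-requests/2.25.1"
10.0.0.7 - - [11/Oct/2021:10:16:00 +0000] "GET /s/1234/styles/main.css HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.11 - - [11/Oct/2021:10:17:42 +0000] "GET /s/1234/pom.properties?v=1 HTTP/1.1" 403 199 "-" "Go-http-client/1.1"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD path PROTO", status, ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3})'
)

# File names the advisory says the check requests through /s/.
SENSITIVE_FILES = frozenset({"web.xml", "pom.properties"})


def targets_sensitive_file(path):
    """True when a request path is under /s/ and its last segment is one of
    the advisory's file names. Percent-encoding is decoded twice so doubly
    encoded spellings still match; the query string is ignored."""
    decoded = unquote(unquote(path)).split("?", 1)[0]
    if not decoded.startswith("/s/"):
        return False
    return decoded.rsplit("/", 1)[-1].lower() in SENSITIVE_FILES


def scan_log(text):
    """Return one finding per matching request. A 200 is tagged 'likely-read'
    (the server returned content); any other status is tagged 'attempt'."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not targets_sensitive_file(m["path"]):
            continue
        status = int(m["status"])
        findings.append({
            "client": m["client"],
            "timestamp": m["ts"],
            "method": m["method"],
            "path": m["path"],
            "status": status,
            "severity": "likely-read" if status == 200 else "attempt",
        })
    return findings


def summarize_by_client(findings):
    """Count findings per source address so repeated probing stands out."""
    return dict(Counter(f["client"] for f in findings))


if __name__ == "__main__":
    results = scan_log(SAMPLE_LOG)
    for f in results:
        print(f"{f['severity']:<11} {f['client']:<10} {f['status']} {f['path']}")
    print(summarize_by_client(results))
```

A 200 on one of these paths is the finding worth opening an incident on, since it means the restricted file was actually served; non-200 hits still identify hosts that were scanned and are worth correlating against the upgrade state of the instance.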

Successful exploitation of the vulnerability may allow remote attackers to read sensitive files on the target server.

  • CVSS V3: Medium, 5.3 severity.
  • CVSS V2: Medium, 5 severity.
  • Solution
    Customers are advised to upgrade to the latest Atlassian Confluence Server release to remediate this vulnerability. For more information related to this vulnerability, please refer to CONFSERVER-67893.

Vendor References:
CONFSERVER-67893: jira.atlassian.com/browse/CONFSERVER-67893

CVEs related to QID 150369:
CVE-2021-26085

Software Advisories:
Advisory ID: CONFSERVER-67893
Software Component: Atlassian Confluence Server
Link: jira.atlassian.com/browse/CONFSERVER-67893