CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-26085

Known Exploited (CISA KEV)MEDIUM
5.3
CVSS Severity Score
EPSS Score88.8890%
EPSS Percentile91.18th
Published2021年8月3日
Last Modified2025年10月24日

Vulnerability Description

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

Affected Platforms (CPE)

📦
Atlassian

Confluence Data Center

< 7.4.10
📦
Atlassian

Confluence Data Center

>= 7.5.0 and < 7.12.3
📦
Atlassian

Confluence Server

< 7.4.10
📦
Atlassian

Confluence Server

>= 7.5.0 and < 7.12.3

References & Advisories

🔗 http://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.html
🔗 https://jira.atlassian.com/browse/CONFSERVER-67893
🔗 http://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.html
🔗 https://jira.atlassian.com/browse/CONFSERVER-67893
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26085

相关漏洞威胁

CVE-2021-260849.8

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthentica...

CVE-2019-33969.8

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 ...

CVE-2019-33959.8

The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from versio...

CVE-2019-33988.8

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who...