Service Advisory
Please share the following information with your teams.
Information Security has noted a recent critical vulnerability (CVE-2021-26084) in Confluence Server and Data Center that is being exploited in the wild. An unauthenticated, remote attacker could exploit this flaw by sending a specially crafted request to vulnerable endpoints on the Confluence Server or Data Center instance.
Severity level
CVSS Score: 9.8 (Critical)
Description:
The vulnerability permits the injection of OGNL code and thus execution of arbitrary code on computers with Confluence Server or Confluence Data Center installed. In some cases, even a user who is not authenticated can exploit the vulnerability.
Affected Versions:
All 4.x.x versions
All 5.x.x versions
All 6.0.x through 6.12.x versions
All 6.13.x versions before 6.13.23
All 6.14.x and 6.15.x versions
All 7.0.x through 7.3.x versions
All 7.4.x versions before 7.4.11
All 7.5.x through 7.10.x versions
All 7.11.x versions before 7.11.6
All 7.12.x versions before 7.12.5
Confluence Cloud is not affected.
Impact
A remote attacker could exploit this vulnerability to take control of an affected system.
Resolution
Atlassian has released patches for CVE-2021-26084.
Update to the fixed versions 6.13.23, 7.4.11, 7.11.6, 7.12.5, 7.13.0.
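To help teams confirm whether an installed Confluence instance falls within the affected ranges above, the following script is an added example (not part of this advisory or Atlassian's tooling). It encodes the fixed versions named in the Resolution, treats 7.13.0 and later as unaffected, and reports which hosts in a constructed, hypothetical inventory still need updating. Versions below 4.x are not listed in the advisory and are reported as not affected by this check; the inventory hostnames and version numbers are made-up sample data.

```python
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Fixed releases from the advisory: within each affected minor line,
# versions at or above the fixed release are patched.
FIXED_VERSIONS: Dict[Tuple[int, int], Version] = {
    (6, 13): (6, 13, 23),
    (7, 4): (7, 4, 11),
    (7, 11): (7, 11, 6),
    (7, 12): (7, 12, 5),
}

# 7.13.0 and later are not listed as affected at all.
FIRST_UNAFFECTED_LINE: Version = (7, 13, 0)

# Lowest major version the advisory lists as affected (4.x.x).
LOWEST_AFFECTED_MAJOR = 4


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR' or 'MAJOR.MINOR.PATCH'; a missing patch counts as 0."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 2 <= len(parts) <= 3:
        raise ValueError(f"unexpected version format: {text!r}")
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def is_affected_cve_2021_26084(version: str) -> bool:
    """Return True if the given Confluence Server/Data Center version is listed as affected."""
    v = parse_version(version)
    major, minor, _ = v
    if v >= FIRST_UNAFFECTED_LINE:
        return False          # 7.13.0 and later
    if major < LOWEST_AFFECTED_MAJOR:
        return False          # not covered by the advisory's listing
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is not None and v >= fixed:
        return False          # at or above the fixed release for this minor line
    return True               # every other 4.x through 7.12.x version is affected


def hosts_needing_update(inventory: Dict[str, str]) -> List[str]:
    """Return the hostnames whose installed version is still affected, sorted."""
    return sorted(host for host, ver in inventory.items() if is_affected_cve_2021_26084(ver))


# Constructed, hypothetical inventory: hostname -> installed Confluence version.
SAMPLE_INVENTORY: Dict[str, str] = {
    "wiki-prod.example.invalid": "7.12.4",
    "wiki-dr.example.invalid": "7.12.5",
    "wiki-legacy.example.invalid": "6.13.22",
    "wiki-dev.example.invalid": "7.13.0",
    "wiki-old.example.invalid": "5.10.8",
}


if __name__ == "__main__":
    for host in sorted(SAMPLE_INVENTORY):
        status = "AFFECTED - update" if is_affected_cve_2021_26084(SAMPLE_INVENTORY[host]) else "ok"
        print(f"{host:30} {SAMPLE_INVENTORY[host]:10} {status}")
```

Run it as-is to see the report for the sample inventory, or replace SAMPLE_INVENTORY with the output of your own asset list; hosts flagged AFFECTED should be moved to one of the fixed versions named above.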
Reference
https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
https://us-cert.cisa.gov/ncas/current-activity/2021/09/03/atlassian-releases-security-updates-confluence-server-and-data
https://www.tenable.com/blog/cve-2021-26084-atlassian-confluence-ognl-injection-vulnerability-exploited-in-the-wild
Contact:
UIT Client Services at askit@yorku.ca or 416 736 5800