CVE-2021-26085 - Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability

CVE ID:CVE-2021-26085

Project:Atlassian

Product:Confluence Server

Date Added:2022-03-28Due Date:2022-04-18

Vulnerability Name

Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability

Description

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply updates per vendor instructions.

Additional Notes

https://nvd.nist.gov/vuln/detail/CVE-2021-26085