CVE-2021-26085

Summary

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

Affected Software

VendorProductVersion RangeStatus
AtlassianConfluence Serverunspecified < 7.4.10affected
AtlassianConfluence Server7.5.0 < unspecifiedaffected
AtlassianConfluence Serverunspecified < 7.12.3affected
AtlassianConfluence Data Centerunspecified < 7.4.10affected
AtlassianConfluence Data Center7.5.0 < unspecifiedaffected
AtlassianConfluence Data Centerunspecified < 7.12.3affected

Weaknesses

  • Pre-Authorization Arbitrary File Read

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: partial

Additional References

References