PT-2021-16939 · Atlassian · Widgetconnector+1
Published
2021-04-01
·
Updated
2025-10-30
·
CVE-2021-26072
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Confluence Server versions prior to 5.8.6
Confluence Data Center versions prior to 5.8.6
Description
The issue allows remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability. This is related to the WidgetConnector plugin.
Recommendations
For Confluence Server versions prior to 5.8.6, update to version 5.8.6 or later.
For Confluence Data Center versions prior to 5.8.6, update to version 5.8.6 or later.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Confluence
Widgetconnector