PT-2021-3899 · Atlassian · Confluence

Benny Jacob +1

Published 2021-07-27 · Updated 2026-03-10

CVE-2021-26084

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Atlassian Confluence Server and Data Center, versions before 6.13.23
Atlassian Confluence Server and Data Center, versions 6.14.0 up to but not including 7.4.11
Atlassian Confluence Server and Data Center, versions 7.5.0 up to but not including 7.11.6
Atlassian Confluence Server and Data Center, versions 7.12.0 up to but not including 7.12.5
Description
An Object-Graph Navigation Language (OGNL) injection vulnerability exists in Atlassian Confluence Server and Data Center. Because user-controlled input reaches an OGNL expression without adequate neutralization, an unauthenticated attacker can execute arbitrary code on the Confluence Server or Data Center instance. The vulnerability is reachable through the /pages/doenterpagevariables.action endpoint, where the injected expression is supplied in the queryString parameter. Exploitation has been observed in real-world attacks, including breaches of confluence.chronopay.com and cf.blackswordresearch.com that resulted in data leakage, and the vulnerability has been used by financially motivated actors and cryptominers. The number of affected instances worldwide is unknown.
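The description names the exploited endpoint and parameter, which is enough to write a retrospective check over web-server access logs. The following is an added example, not code from the advisory or from Atlassian: it parses combined-format access log lines, isolates requests to /pages/doenterpagevariables.action, URL-decodes the queryString value and flags values that look like OGNL expressions. The indicator list (unicode-escaped quotes, `#`/`@` OGNL syntax, Java reflection and scripting class names) is an assumed heuristic, and the log lines are constructed for the example.

```python
import re
import urllib.parse
from typing import Optional

# Endpoint and parameter named in the advisory.
TARGET_PATH = "/pages/doenterpagevariables.action"
TARGET_PARAM = "queryString"

# Heuristic OGNL indicators (assumed, not from the advisory):
#   \u0027   unicode-escaped single quote, which OGNL unescapes, so it shows up
#            in payloads that need to break out of a string context
#   #name    OGNL variable reference
#   @a.b@c   OGNL static member/method access
#   the rest are class names typical of Java code-execution payloads
OGNL_INDICATORS = (
    r"\\u0027",
    r"#[A-Za-z_]",
    r"@[A-Za-z_][\w.]*@",
    r"Class\.forName",
    r"getRuntime",
    r"ProcessBuilder",
    r"ScriptEngineManager",
)
OGNL_RE = re.compile("|".join(OGNL_INDICATORS))

# Combined log format: we only need client IP, request target and status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" (?P<status>\d{3})'
)

# Constructed sample: a benign call, an OGNL-looking call, an unrelated page.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Sep/2021:10:01:02 +0000] "GET /pages/doenterpagevariables.action?SpaceKey=DOCS HTTP/1.1" 200 512
198.51.100.7 - - [01/Sep/2021:10:01:03 +0000] "GET /pages/doenterpagevariables.action?queryString=%5Cu0027%2B%7BClass.forName%28%5Cu0027javax.script.ScriptEngineManager%5Cu0027%29%7D%2B%5Cu0027 HTTP/1.1" 200 913
192.0.2.9 - - [01/Sep/2021:10:01:04 +0000] "GET /pages/viewpage.action?pageId=123 HTTP/1.1" 200 2048
"""


def ognl_indicators(value: str) -> list[str]:
    """Return the distinct indicator strings found in a decoded parameter value."""
    return sorted({m.group(0) for m in OGNL_RE.finditer(value)})


def classify_request(target: str) -> Optional[dict]:
    """Return a finding if the request hits the vulnerable endpoint with an
    OGNL-looking queryString value, otherwise None."""
    parsed = urllib.parse.urlsplit(target)
    if parsed.path != TARGET_PATH:
        return None
    # parse_qs percent-decodes values, so \u0027 and braces appear as sent.
    params = urllib.parse.parse_qs(parsed.query, keep_blank_values=True)
    for value in params.get(TARGET_PARAM, []):
        hits = ognl_indicators(value)
        if hits:
            return {"queryString": value, "indicators": hits}
    return None


def scan_log(text: str) -> list[dict]:
    """Run classify_request over every parseable line and collect findings."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        finding = classify_request(m.group("target"))
        if finding:
            finding.update(ip=m.group("ip"), status=m.group("status"))
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']} status={f['status']} indicators={f['indicators']}")
```

Access logs only carry the URL, so a payload sent in a POST body is invisible here; feed `classify_request` the decoded body from a proxy or WAF log to cover that case. A 200 response to a flagged request is the line to escalate, since the endpoint normally renders a page regardless of the injected expression.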
Recommendations
Upgrade Confluence Server and Data Center to a fixed release: 6.13.23 or later on the 6.13 branch, 7.4.11 or later on the 7.4 branch, 7.11.6 or later on the 7.11 branch, 7.12.5 or later on the 7.12 branch, or 7.13.0 or later.
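The affected ranges and fixed releases above translate directly into an inventory check. This is an added example, not Atlassian's or the advisory's code: it reads the Confluence version from the `ajs-version-number` meta tag that Confluence pages carry (an assumption about the page markup), then tests it against the four vulnerable ranges and reports the fixed release for that branch. The HTML snippet is constructed for the example.

```python
import re

# Vulnerable ranges [lower, upper) and the fixed release for each branch,
# taken from the affected-version list above.
RANGES = [
    ((0, 0, 0), (6, 13, 23), "6.13.23"),
    ((6, 14, 0), (7, 4, 11), "7.4.11"),
    ((7, 5, 0), (7, 11, 6), "7.11.6"),
    ((7, 12, 0), (7, 12, 5), "7.12.5"),
]

# Confluence embeds its version in a meta tag on rendered pages (assumed).
META_RE = re.compile(
    r'<meta\s+name="ajs-version-number"\s+content="(?P<ver>[^"]+)"', re.I
)

# Constructed sample page fragment.
SAMPLE_HTML = """\
<html><head>
<meta name="ajs-version-number" content="7.12.4">
<title>Log In - Confluence</title>
</head><body></body></html>
"""


def parse_version(text: str) -> tuple:
    """Turn '7.12.4' (or '7.12', or '7.12.4-something') into a 3-tuple."""
    core = re.split(r"[^0-9.]", text.strip(), maxsplit=1)[0]
    parts = [int(p) for p in core.split(".") if p]
    if not parts or len(parts) > 3:
        raise ValueError(f"unrecognised version: {text!r}")
    parts += [0] * (3 - len(parts))
    return tuple(parts)


def extract_version(html: str):
    """Return the version string from the meta tag, or None if absent."""
    m = META_RE.search(html)
    return m.group("ver") if m else None


def assess(version: str) -> dict:
    """Say whether a version falls in a vulnerable range and what fixes it."""
    v = parse_version(version)
    for lo, hi, fix in RANGES:
        if lo <= v < hi:
            return {"version": version, "vulnerable": True, "fixed_in": fix}
    return {"version": version, "vulnerable": False, "fixed_in": None}


def assess_page(html: str) -> dict:
    """Combine both steps for a fetched login or dashboard page."""
    ver = extract_version(html)
    if ver is None:
        return {"version": None, "vulnerable": None, "fixed_in": None}
    return assess(ver)


if __name__ == "__main__":
    print(assess_page(SAMPLE_HTML))
```

Versions in the gaps between ranges (for example 6.13.23 up to 6.14.0, or 7.13.x) are reported as not vulnerable, matching the fixed releases in the recommendations. A missing meta tag yields `vulnerable: None` rather than a false negative, so hosts that hide the version still surface for manual review.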

Exploit · Fix

Weakness Enumeration

Special Elements Injection
Related Identifiers

BDU:2021-04333
BDU:2021-05399
CVE-2021-26084

Affected Products

Confluence