CVE-2021-26085

Name of the Vulnerable Software and Affected Versions Atlassian Confluence Server versions prior to 7.4.10 Atlassian Confluence Server versions 7.5.0 through 7.12.3

Description The issue allows remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the "/s/" endpoint. This is related to authorization errors. Exploitation of the issue may allow a remote attacker to read arbitrary files.

Recommendations For versions prior to 7.4.10, update to version 7.4.10 or later. For versions 7.5.0 through 7.12.3, update to version 7.12.3 or later. As a temporary workaround, consider restricting access to the "/s/" endpoint until a patch is available.