Vulnerabilities > CVE-2021-26072 - Server-Side Request Forgery (SSRF) vulnerability in Atlassian Confluence Server

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
atlassian
CWE-918
NVD
Published: 2021-04-01
Updated: 2022-07-27

Summary

The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability.

Vulnerable Configurations

Part Description Count
Application
Atlassian
386

Common Weakness Enumeration (CWE)

References