Vulnerabilities > CVE-2021-26072 - Server-Side Request Forgery (SSRF) vulnerability in Atlassian Confluence Data Center and Confluence Server

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

atlassian

CWE-918

NVD

Published: 2021-04-01

Updated: 2022-07-27

Summary

The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Atlassian Atlassian Confluence Server * Atlassian Confluence Data Center *	2

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://jira.atlassian.com/browse/CONFSERVER-61399