CVE-2021-26084 - Expression Language Injection vulnerability in Atlassian Confluence Data Center and Confluence Server
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Related news
- Atlassian Confluence flaw actively exploited to install cryptominers
- US govt warns orgs to patch massively exploited Confluence bug
- U.S. Cyber Command Warns of Ongoing Attacks Exploiting Atlassian Confluence Flaw
- Jenkins struck by 'Confluenza' as US Cyber Command warns Atlassian flaw 'cannot wait'
- Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server
- Jenkins project's Confluence server hacked to mine Monero
- Jenkins Hit as Atlassian Confluence Cyberattacks Widen
- Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns
- Public Redis exploit used by malware gang to grow botnet
- Atlassian Releases Patch for Confluence Zero-Day Flaw Exploited in the Wild
- Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515)