Pre-Authorization Arbitrary File Read in /s/ endpoint - CVE-2021-26085

Description

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3. This vulnerability was discovered by Amit Laish, GE Digital, Cyber Security Lab.

Affected versions:
* version < 7.4.10
* 7.5.0 ≤ version < 7.12.3

Fixed versions:
* 7.4.10
* 7.12.3
* 7.13.0
* 7.14.0
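An added example, not part of the original advisory: a version check that applies the affected ranges stated above to an inventory of Confluence instances. The hostnames and sample inventory are constructed; version strings that are not plain dotted numbers are reported as unknown rather than guessed.

```python
import re

# Ranges as stated in the advisory text for CVE-2021-26085.
FIXED_7_4_LINE = (7, 4, 10)   # anything below this is affected
RANGE_START = (7, 5, 0)       # inclusive
RANGE_END = (7, 12, 3)        # exclusive

def parse_version(text):
    """Turn '7.4.10' into (7, 4, 10); pad short forms such as '7.5' to three parts."""
    m = re.fullmatch(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def is_affected(version):
    """True if the version falls in either affected range from the advisory."""
    v = parse_version(version)
    # Tuples compare numerically, so 7.4.9 < 7.4.10 (a plain string compare
    # would get this wrong). Note that 7.4.10 up to 7.5.0 is NOT affected even
    # though it sorts below 7.12.3: the two ranges must be tested separately.
    return v < FIXED_7_4_LINE or RANGE_START <= v < RANGE_END

def triage(inventory):
    """Map each host to 'affected', 'not affected' or 'unknown'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            result[host] = "unknown"  # needs manual review, never assumed safe
    return result

# Constructed sample inventory; hostnames are hypothetical.
SAMPLE = {
    "wiki-a.example.internal": "7.4.9",
    "wiki-b.example.internal": "7.4.11",
    "wiki-c.example.internal": "7.11.6",
    "wiki-d.example.internal": "7.12.3",
    "wiki-e.example.internal": "custom-build",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:28} {SAMPLE[host]:14} {status}")
```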


Affected Software


CPE Name Name Version
confluence server and data center 7.6.3
confluence server and data center 7.9.0
confluence server and data center 7.8.3
confluence server and data center 7.10.0
confluence server and data center 7.10.1
confluence server and data center 7.13.0
confluence server and data center 7.4.10
confluence server and data center 7.12.3
