Lucene search

[email protected]CVE-2021-26085

HistoryAug 03, 2021 - 12:15 a.m.

CVE-2021-26085

2021-08-0300:15:00

CWE-425

[email protected]

web.nvd.nist.gov

927

In Wild

cve-2021-26085

atlassian confluence server

remote attackers

restricted resources

arbitrary file read

vulnerability

nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.963 High

EPSS

Percentile

99.5%

JSON

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

CPENameOperatorVersion
atlassian:confluence_serveratlassian confluence serverlt7.4.10
atlassian:confluence_serveratlassian confluence serverlt7.12.3
atlassian:confluence_data_centeratlassian confluence data centerlt7.12.3
atlassian:confluence_data_centeratlassian confluence data centerlt7.4.10

CPE	Name	Operator	Version
atlassian:confluence_server	atlassian confluence server	lt	7.4.10
atlassian:confluence_server	atlassian confluence server	lt	7.12.3
atlassian:confluence_data_center	atlassian confluence data center	lt	7.12.3
atlassian:confluence_data_center	atlassian confluence data center	lt	7.4.10