3 matches found
Atlassian Confluence < 5.8.6 - Server-Side Request Forgery
Confluence Server and Data Center before 5.8.6 contain a blind server-side request forgery caused by the WidgetConnector plugin, letting remote attackers manipulate internal network resources, exploit requires network access to the server. id: CVE-2021-26072 info: name: Atlassian Confluence 5.8.6...
CVE-2021-26072
CVE-2021-26072 affects Atlassian Confluence Server/Data Center prior to 5.8.6, where the WidgetConnector plugin permits blind SSRF allowing remote attackers to manipulate internal network resources. The issue arises from insecure server-side requests triggered by the widgetconnector, with exploit...
Blind SSRF in widgetConnector - CVE-2021-26072
Affected versions of Atlassian Confluence Server allow remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery SSRF vulnerability in the widgetconnector plugin. When running in an environment like Amazon EC2, this flaw may be used to access...