CVE-2021-26085
PUBLISHED
KEV
CVSS 5 MEDIUM
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.
EPSS 93.98% · 99.9th percentile
Risk Scores
- CVSS v2.0: 5
- EPSS Score: 93.98% (99.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| atlassian | confluence_server | 0, 7.5.0 |
| atlassian | confluence_data_center | 0, 7.5.0 |
| Atlassian | Confluence Data Center | unspecified, 7.5.0, unspecified |
| Atlassian | Confluence Server | 7.5.0, unspecified, unspecified |
Timeline
- CVE Published
- Mar 12, 2018 PoC Published
- Aug 3, 2021 EPSS Score
- Oct 1, 2021 EPSS Score
- Oct 5, 2021 PoC Published
- Oct 6, 2021 EPSS Score
- Oct 7, 2021 PoC Published
- Oct 25, 2021 PoC Published
- Nov 5, 2021 PoC Published
- Jan 27, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 27, 2022 EPSS Score
References
- https://jira.atlassian.com/browse/CONFSERVER-67893 url
- http://packetstormsecurity.com/files/164401/Atlassian-Confluence-Server-7.5.1-Arbitrary-File-Read.html url
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26085 url
- https://nvd.nist.gov/vuln/detail/CVE-2021-26085 advisory
- https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html advisory