{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2021-046.pdf"
    },
    "title": "Critical Vulnerability in Confluence",
    "serial_number": "2021-046",
    "publish_date": "01-09-2021 14:27:00",
    "description": "On 25 August 2021, Atlassian released a Confluence Security Advisory regarding Confluence Server Webwork OGNL injection. Atlassian rates the severity level of this vulnerability as critical. There is no CVSS score provided yet.",
    "url_title": "2021-046",
    "content_markdown": "---\ntitle: 'Critical Vulnerability in\u00a0Confluence'\nversion: '1.0'\nnumber: '2021-046'\ndate: 'September 1, 2021'\n---\n\n_History:_\n\n* _01/09/2021 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn 25 August 2021, Atlassian released a Confluence Security Advisory regarding Confluence Server Webwork OGNL injection [1]. Atlassian rates the severity level of this vulnerability as critical. There is no CVSS score provided yet [2].\n\n# Technical Details\n\nAn OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The issue is tracked in [3].\n\n# Products Affected\n\nConfluence Server and Data Center versions before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5 are affected by this vulnerability [1].\n\n# Recommendations\n\nAtlassian recommends that you upgrade to the latest Long Term Support release [1]. CERT-EU recommends updating the vulnerable application as soon as possible.\n\n## Workarounds and Mitigations\n\nIf you are unable to upgrade Confluence immediately, then as a temporary workaround, the issue can be mitigated by running the scripts provided by Atlassian [1].\n\n# References\n\n[1] <https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html>\n\n[2] <https://nvd.nist.gov/vuln/detail/CVE-2021-26084>\n\n[3] <https://jira.atlassian.com/browse/CONFSERVER-67940>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>01/09/2021 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On 25 August 2021, Atlassian released a Confluence Security Advisory regarding Confluence Server Webwork OGNL injection [1]. Atlassian rates the severity level of this vulnerability as critical. There is no CVSS score provided yet [2].</p><h2 id=\"technical-details\">Technical Details</h2><p>An OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The issue is tracked in [3].</p><h2 id=\"products-affected\">Products Affected</h2><p>Confluence Server and Data Center versions before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5 are affected by this vulnerability [1].</p><h2 id=\"recommendations\">Recommendations</h2><p>Atlassian recommends that you upgrade to the latest Long Term Support release [1]. CERT-EU recommends updating the vulnerable application as soon as possible.</p><h3 id=\"workarounds-and-mitigations\">Workarounds and Mitigations</h3><p>If you are unable to upgrade Confluence immediately, then as a temporary workaround, the issue can be mitigated by running the scripts provided by Atlassian [1].</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html\">https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://nvd.nist.gov/vuln/detail/CVE-2021-26084\">https://nvd.nist.gov/vuln/detail/CVE-2021-26084</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://jira.atlassian.com/browse/CONFSERVER-67940\">https://jira.atlassian.com/browse/CONFSERVER-67940</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}