Loading...

XML

Word

Printable

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 7.4.10, 7.12.3, 7.13.0
Affects Version/s: 7.6.3, 7.8.3, 7.9.0, 7.10.0, 7.10.1
Component/s: None
Labels:

CVSS Score:
5.2
CVSS Severity:
Medium
CVE ID:
CVE-2021-26085

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint.

The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

This vulnerability was discovered by Amit Laish, GE Digital, Cyber Security Lab.

Affected versions:

version < 7.4.10
7.5.0 ≤ version < 7.12.3

Fixed versions:

7.4.10
7.12.3
7.13.0
7.14.0

is related to

CONFSERVER-60469 Pre-Authorization Limited Arbitrary File Read in Confluence Server - CVE-2020-29448

Published

JRASERVER-72695 Limited Remote File Read in Jira Software Server - CVE-2021-26086

Published

mentioned in: Page Loading...; Page Loading...; Page Loading...

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 12 Start watching this issue

Created:: 21/Jul/2021 12:18 AM

Updated:: 21/Feb/2023 3:40 PM

Resolved:: 29/Jul/2021 2:35 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates