Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-79000

Unauthenticated remote code execution vulnerability via OGNL template injection - Duplicate

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Highest Highest
    • 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4, 7.18.1
    • 7.4.0, (56)
      7.4.1, 7.4.3, 7.4.4, 7.4.5, 7.4.6, 7.4.7, 7.4.8, 7.4.9, 7.4.10, 7.4.11, 7.4.12, 7.4.13, 7.4.14, 7.4.15, 7.4.16, 7.7.4, 7.8.0, 7.8.1, 7.8.3, 7.9.0, 7.9.1, 7.9.2, 7.9.3, 7.10.0, 7.10.1, 7.10.2, 7.11.0, 7.11.1, 7.11.2, 7.11.3, 7.11.6, 7.12.0, 7.12.1, 7.12.2, 7.12.3, 7.12.4, 7.12.5, 7.13.0, 7.13.1, 7.13.2, 7.13.3, 7.13.4, 7.13.5, 7.13.6, 7.14.0, 7.14.2, 7.15.0, 7.15.1, 7.16.0, 7.16.1, 7.16.2, 7.16.3, 7.17.0, 7.17.2, 7.17.3, 7.18.0
    • Security

      This is a duplicate of https://jira.atlassian.com/browse/CONFSERVER-79016

      See the link above for more information on the issue.

            [CONFSERVER-79000] Unauthenticated remote code execution vulnerability via OGNL template injection - Duplicate

            Hi 85049a8249be,

            Release notes are updated for all the fix versions together, I suspect it might have been some cache issue, reloading the page in new browser should show you the notes.

            Thanks,
            Ganesh

            Ganesh Gautam added a comment - Hi 85049a8249be , Release notes are updated for all the fix versions together, I suspect it might have been some cache issue, reloading the page in new browser should show you the notes. Thanks, Ganesh

            A fix for this issue is available in Confluence Server and Data Center 7.13.7.
            Upgrade now or check out the Release Notes to see what other issues are resolved.

            Ganesh Gautam added a comment - A fix for this issue is available in Confluence Server and Data Center 7.13.7. Upgrade now or check out the Release Notes to see what other issues are resolved.

            Hi,

            The fixed version 7.13.7 LTS might be released, but the release notes for it are not updated.

            Richard

            Richard Bukovansky added a comment - Hi, The fixed version 7.13.7 LTS might be released, but the release notes for it are not updated. Richard

            Ganesh Gautam added a comment - - edited

            A fix for this issue is available in Confluence Server and Data Center 7.18.1.
            Upgrade now or check out the Release Notes to see what other issues are resolved.

            Ganesh Gautam added a comment - - edited A fix for this issue is available in Confluence Server and Data Center 7.18.1. Upgrade now or check out the Release Notes to see what other issues are resolved.

            Ganesh Gautam added a comment - - edited

            A fix for this issue is available in Confluence Server and Data Center 7.4.17.
            Upgrade now or check out the Release Notes to see what other issues are resolved.

            Ganesh Gautam added a comment - - edited A fix for this issue is available in Confluence Server and Data Center 7.4.17. Upgrade now or check out the Release Notes to see what other issues are resolved.

              ggautam Ganesh Gautam
              security-metrics-bot Security Metrics Bot
              Affected customers:
              0 This affects my team
              Watchers:
              20 Start watching this issue

                Created:
                Updated:
                Resolved: