4.3
CVE-2021-26072
- EPSS 8.7%
- Veröffentlicht 01.04.2021 19:15:13
- Zuletzt bearbeitet 21.11.2024 05:55:48
- Quelle security@atlassian.com
- CVE-Watchlists
- Unerledigt
LoginThe WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Atlassian ≫ Confluence Data Center Version < 5.8.6
Atlassian ≫ Confluence Server Version < 5.8.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.7% | 0.921 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.