CVE-2021-26085 (CVSS base score 5.3)
- EPSS 94.21%
- Published 03.08.2021 00:15:08
- Last modified 24.10.2025 13:38:39
- Source security@atlassian.com
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.
Data provided by the National Vulnerability Database (NVD)
Atlassian ≫ Confluence Data Center Version < 7.4.10
Atlassian ≫ Confluence Data Center Version >= 7.5.0 < 7.12.3
Atlassian ≫ Confluence Server Version < 7.4.10
Atlassian ≫ Confluence Server Version >= 7.5.0 < 7.12.3
28.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
- Vulnerability: Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability
- Description: Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint.
- Required action: Apply updates per vendor instructions.

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 94.21% | 0.999 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
CWE-425 Direct Request ('Forced Browsing')
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.