CVE-2021-26085 — Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability
2022-03-28 • CISA Known Exploited Vulnerability
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Atlassian |
| Product | Confluence Server |
| CWE | CWE-425 |
| CVE ID | CVE-2021-26085 |
| Date Added | 2022-03-28 |
| Due Date | 2022-04-18 |
| Ransomware Campaign | Known — this vulnerability has been leveraged in ransomware campaigns |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-04-18