06
Sep 2021
Vulnerability Alert - Atlassian Confluence
TYPE
Vulnerabilities
SYSTEMS AFFECTED
Confluence Server and Confluence Data Center
ECOSYSTEM
Other
Description
Atlassian has published a security update that fixes an OGNL injection vulnerability in Confluence (CVE-2021-26084). The vulnerability affects several versions of Confluence Server and Data Center; Confluence Cloud users are not affected. [1]
See the list of affected versions in [1].
Impact
If successfully exploited, this vulnerability allows an authenticated attacker (in some situations, an unauthenticated one) to execute arbitrary code.
Resolution
It is recommended to upgrade to the following versions: [2]
- If you are running an affected version, upgrade to version 7.13.0 (LTS) or higher.
- If you are running 6.13.x versions and cannot upgrade to 7.13.0 (LTS), then upgrade to version 6.13.23.
- If you are running 7.4.x versions and cannot upgrade to 7.13.0 (LTS), then upgrade to version 7.4.11.
- If you are running 7.11.x versions and cannot upgrade to 7.13.0 (LTS), then upgrade to version 7.11.6.
- If you are running 7.12.x versions and cannot upgrade to 7.13.0 (LTS), then upgrade to version 7.12.5.
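To apply the upgrade list above across an inventory, the following is an added example (not code from Atlassian or from this alert) that maps an installed version to the upgrade targets named in the list. The function names and the sample inventory are constructed; it assumes that, within a listed branch, a release below that branch's fixed version needs the upgrade, and it defers to [1] for branches the list does not name.

```python
import re

# Fixed releases from the alert's upgrade list, keyed by (major, minor) branch.
BRANCH_FIXES = {
    (6, 13): (6, 13, 23),
    (7, 4): (7, 4, 11),
    (7, 11): (7, 11, 6),
    (7, 12): (7, 12, 5),
}
PREFERRED = (7, 13, 0)  # "7.13.0 (LTS) or higher"


def parse_version(text):
    """Parse 'X.Y' or 'X.Y.Z' into a 3-tuple of ints (missing patch -> 0)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def fmt(version):
    return ".".join(str(n) for n in version)


def triage(text):
    """Return (status, upgrade_targets) for one installed version (hypothetical helper)."""
    v = parse_version(text)
    fix = BRANCH_FIXES.get(v[:2])
    if v >= PREFERRED or (fix is not None and v >= fix):
        return ("fixed-release", [])
    if fix is not None:
        # Assumption: below the branch's fixed release means the upgrade applies.
        return ("upgrade", [fmt(PREFERRED), fmt(fix)])
    # Branch not in the alert's list: affected status must be checked in [1].
    return ("check-advisory", [fmt(PREFERRED)])


if __name__ == "__main__":
    # Constructed inventory, not real hosts.
    inventory = {"wiki-a": "7.12.4", "wiki-b": "7.4.11", "wiki-c": "7.5.2", "wiki-d": "7.13.0"}
    for host, version in inventory.items():
        status, targets = triage(version)
        print(f"{host:8} {version:8} {status:15} {' or '.join(targets)}")
```
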
References
[1] https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
[2] https://www.atlassian.com/software/confluence/download-archives