CVE-2021-26084: Atlassian Confluence OGNL Injection Vulnerability Exploited in the Wild


A recently disclosed critical flaw in Atlassian Confluence Server is being exploited in the wild by attackers. Organizations should apply patches immediately.

Background

On August 25, Atlassian published a security advisory for a critical vulnerability in its Confluence Server and Data Center software.

CVE             Description                               CVSSv3   VPR*
CVE-2021-26084  Confluence Server Webwork OGNL Injection  9.8      9.7

* Please note: Tenable’s Vulnerability Priority Rating (VPR) scores are calculated nightly. This blog post was published on September 7 and reflects VPR at that time.

On September 1, one week after the advisory was published, Troy Mursch of Bad Packets detected attackers scanning for and attempting to exploit vulnerable servers.

Analysis

CVE-2021-26084 is an Object-Graph Navigation Language (OGNL) injection vulnerability in the Atlassian Confluence Webwork implementation. An unauthenticated, remote attacker could exploit this flaw by sending a specially crafted request to vulnerable endpoints on the Confluence Server or Data Center instance. Successful exploitation would allow an attacker to execute
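Because the flaw is an OGNL injection reached through an HTTP request, one thing a defender can do while patching is rolling out is to review Confluence access logs for request parameters that carry OGNL expression syntax. The script below is an added example written for this post, not Tenable's or Atlassian's code and not a signature for CVE-2021-26084 itself: it flags generic OGNL markers (`#{`, `${`, and `@class@member` static references) after URL-decoding each request target. The log lines, endpoint paths and IP addresses are constructed for the example; Confluence's real request log format and the affected endpoints are not taken from this page.

```python
import re
from urllib.parse import unquote

# Heuristic markers of OGNL expression syntax. These are generic to the
# language, not specific to any one Confluence endpoint or exploit.
OGNL_MARKERS = [
    ("hash-brace", re.compile(r"#\{")),        # #{ ... } expression block
    ("dollar-brace", re.compile(r"\$\{")),     # ${ ... } interpolation
    ("static-ref", re.compile(r"@[\w.]+@")),   # @fully.qualified.Class@member
]

# Combined-log-style line; the format is an assumption made for this example.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample log. Only the last two requests carry OGNL syntax; the
# endpoint names are placeholders, not the vulnerable Confluence actions.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Sep/2021:10:15:02 +0000] "GET /pages/viewpage.action?pageId=123 HTTP/1.1" 200 5123
203.0.113.7 - - [01/Sep/2021:10:15:09 +0000] "GET /placeholder.action?q=%23%7B1%2B1%7D HTTP/1.1" 302 0
203.0.113.7 - - [01/Sep/2021:10:15:11 +0000] "POST /other.action?x=%40java.lang.Math%40abs(-1) HTTP/1.1" 200 12
"""


def flag_request(target: str) -> list[str]:
    """Return the names of OGNL markers found in a request target.

    The target is URL-decoded twice so that double-encoded parameters are
    inspected in their decoded form as well.
    """
    decoded = unquote(unquote(target))
    return [name for name, pattern in OGNL_MARKERS if pattern.search(decoded)]


def scan_log(text: str) -> list[dict]:
    """Parse each log line and return the entries whose target carries OGNL syntax."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        markers = flag_request(m.group("target"))
        if markers:
            findings.append({
                "ip": m.group("ip"),
                "timestamp": m.group("ts"),
                "method": m.group("method"),
                "target": m.group("target"),
                "status": m.group("status"),
                "markers": markers,
            })
    return findings


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ip']} {hit['method']} {hit['target']} -> {', '.join(hit['markers'])}")
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; any hit is a reason to check the server's version against the advisory and look for follow-on activity from the same source, since the markers alone do not prove a successful exploit.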
