Server-Side Request Forgery Vulnerability in Confluence by Atlassian
CVE-2021-26072

4.3MEDIUM

Key Information:

Vendor: Atlassian
Status: Confluence Server; Confluence Data Center
Vendor: CVE Published:; 1 April 2021

Summary

The WidgetConnector plugin in Confluence Server and Confluence Data Center versions before 5.8.6 is vulnerable to a blind Server-Side Request Forgery (SSRF). This vulnerability enables remote attackers to exploit the system by manipulating internal network resource requests, potentially leading to unauthorized access and data exposure.

Affected Version(s)

Confluence Data Center < 5.8.6

Confluence Server < 5.8.6

References

https://jira.atlassian.com/browse/CONFSERVER-61399

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 1, 2021
Vulnerability Reserved
Jan 25, 2021