
CVE-2021-26084

Published: 30/08/2021 Updated: 10/09/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated malicious user to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 prior to 7.4.11, from version 7.5.0 prior to 7.11.6, and from version 7.12.0 prior to 7.12.5.


Vulnerable Products

atlassian confluence

atlassian data center

Mailing Lists

This Metasploit module exploits an OGNL injection in Atlassian Confluence's WebWork component to execute commands as the Tomcat user ...
Confluence Server version 7.12.4 unauthenticated OGNL injection remote code execution exploit ...

Github Repositories

CVE-2021-26084: Atlassian Confluence Pre-Auth RCE

CVE-2021-26084: This is a script written in Golang to exploit Confluence OGNL injection [CVE-2021-26084]. git clone github.com/march0s1as/CVE-2021-26084/ cd CVE-2021-26084 go get -v github.com/fatih/color go build post.go ./post.go -h

CVE-2021-26084: Atlassian Confluence CVE-2021-26084 one-liner mass checker: cat confluence_servers.txt | while read host do; do curl --connect-timeout 10 --max-time 60 --path-as-is --silent --insecure --user-agent "Mozilla/5.1 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" "$host/pages/doenterpagevariables.action" | grep -q 'a

CVE-2021-26084_GoPOC: PoC of CVE-2021-26084 written in Golang, based on twitter.com/jas502n/status/1433044110277890057?s=20

CVE-2021-26084: This is an exploit. wikipoc.py -u xxxxx.com -p /pages/createpage-entervariables.action?SpaceKey=x

CVE-2021-26084_Confluence: Exploit CVE 2021 26084 Confluence

CVE-2021-26084_Confluence: CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection, remote code execution with echoed output

CVE-2021-26084: Exploit. In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if &l

CVE-2021-26084: queryString param Request. Usage: $ python3 Confluence_OGNLInjection.py -u xxxxx.com

CVE-2021-26084: Confluence OGNL injection. CVE-2021-26084 is an Object-Graph Navigation Language (OGNL) injection vulnerability in the Atlassian Confluence Webwork implementation. An unauthenticated, remote attacker could exploit this flaw by sending a specially crafted request to vulnerable endpoints on the Confluence Server or Data Center instance. Successful exploitation would

CVE-2021-26084: CVE-2021-26084 - Confluence Pre-Auth RCE | OGNL injection. Exploit available soon!

CVE-2021-26084: (PoC) | Confluence Server Webwork OGNL injection. An OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. My fight to locate the entrypoints and injections XD Fight (1) Fight (2) Finally confluence Entrypoints Ex

westone-CVE-2021-26084-scanner: A vulnerability scanner that detects CVE-2021-26084 vulnerabilities

Confluence_CVE-2021-26084: Remote Code Execution on Confluence Servers: CVE-2021-26084

CVE-2021-26084: CVE-2021-26084 Remote Code Execution on Confluence Servers

CVE-2021-26084-Nuclei-template: This nuclei template is to verify the vulnerability without executing any commands on the target machine

CVE-2021-26084: CVE-2021-26084

CVE-2021-26084: Proof of concept for CVE-2021-26084 Confluence Server Webwork OGNL injection (Pre-Auth RCE). Disclaimer: This is for educational purposes only. I am not responsible for your actions. Use at your own discretion. Command Limitations: Due to the payload, it is not possible to pass some characters. The list below is what I've found during my testing: Double quotat

CVE-2021-26084

confluence-rce-poc: Setting up POC for CVE-2021-26084 (Docker). Feed official docker-entrypoint.sh to postgres, change db username and password as required

水泽 - information-collection automation tool. Solemn statement: the techniques, ideas and tools covered here are for security-oriented learning and exchange only; no one may use them for illegal purposes or for profit, otherwise they bear the consequences themselves. 0x01 Introduction. Author: Ske. Team: 0x727; further tools will be open-sourced over the coming period at github.com/0x727. Positioning: helps red team members quick

CVE-2021-26084_Confluence: Confluence Server Webwork OGNL injection

cve-2021-26084-confluence: Just run command without brain

CVE-2021-26084: CVE-2021-26084 Confluence OGNL injection

docker-confluence-patched: Patched Confluence 7.12.2 (CVE-2021-26084)

CVE-2021-26084-Confluence-OGNL: asjhdsajdlksavksapfokaajsdlksajcsajkdniasfaujdaishfksanxkjsancnxzncijbvkdncjsncdsnkvjndskjn 请输入url:XXXXXXXXXXXXXX 正在进行无损检测 无损检测模块发现存在漏洞!!! 输入1回显模式检测,输入2盲打模式检测:1 请输入要执行的命令:id 执行POC3回显检测模式 uid=2002(confluence) gid=2002(

Penetration_Testing_POC: A collection of POCs, scripts, tools, articles and other techniques used in penetration testing, kept as notes; additions are welcome. Penetration_Testing_POC. Please use search [Ctrl+F] to find things. IOT Device&Mobile Phone, Web APP, privilege-escalation helpers, PC tools - small tool collection, articles/books/tutorials, notes. Please use search [Ctrl+F] to find things. IOT Device&Mobile

Recent Articles

Jenkins Hit as Atlassian Confluence Cyberattacks Widen
Threatpost • Tara Seals • 07 Sep 2021

A just-patched, critical remote code-execution (RCE) vulnerability in the Atlassian Confluence server platform is suffering wide-scale exploitation, the Feds have warned – as evidenced by an attack on the popular Jenkins open-source automation engine.
Atlassian Confluence is a collaboration platform where business teams can organize their work in one place: “Dynamic pages give your team a place to create, capture, and collaborate on any project or idea,” according to the website. “Sp...

Jenkins project's Confluence server hacked to mine Monero
BleepingComputer • Ionut Ilascu • 07 Sep 2021

Hackers exploiting the recently disclosed Atlassian Confluence remote code execution vulnerability breached an internal server from the Jenkins project.
While the attack is concerning because Jenkins is a popular open-source server for automating parts of software development, there is no reason that the project releases, plugins, or code have been impacted.
As last week, after the proof-of-concept exploit code for CVE-2021-26084 became public, threat actors started to scan f...

US govt warns orgs to patch massively exploited Confluence bug
BleepingComputer • Sergiu Gatlan • 03 Sep 2021

US Cyber Command (USCYBERCOM) has issued a rare alert today urging US organizations to patch a massively exploited Atlassian Confluence critical vulnerability immediately.
"Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate," said USCYBERCOM's Cyber National Mission Force (CNMF).
The USCYBERCOM unit also stressed the importance of patching vulnerable Confluence servers as soon as possible: "Please patch immediately if you haven’t already—

Atlassian Confluence flaw actively exploited to install cryptominers
BleepingComputer • Lawrence Abrams • 02 Sep 2021

Hackers are actively scanning for and exploiting a recently disclosed Atlassian Confluence remote code execution vulnerability to install cryptominers after a PoC exploit was publicly released.
Atlassian Confluence is a very popular web-based corporate team workspace that allows employees to collaborate on projects.
On August 25th, Atlassian issued a security advisory for a Confluence remote code execution (RCE) vulnerability tracked as CVE-2021-26084, allowing an unauthenticated att...

Atlassian warns of critical Confluence flaw
The Register • Simon Sharwood, APAC Editor • 26 Aug 2021

9.8-rated bug allows arbitrary code execution – possibly without authentication

Atlassian has warned users of its Confluence Server that they need to patch the product to remedy a Critical-rated flaw.
The company's not saying a lot about CVE-2021-26084, besides describing it as a "Confluence Server Webwork OGNL injection vulnerability … that would allow an authenticated user, and in some instances unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance."
The bug scores 9.8 on the ten-point Common Vulnerability Scoring Sys...