Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability (CVE-2021-26085)

A pre-authorization arbitrary file read vulnerability in Atlassian Confluence Server was disclosed on 21 July 2021. The vulnerability (CVE-2021-26085) affects versions before 7.4.10 and versions 7.5.0 through 7.12.2.

Confluence is a knowledge and collaboration environment for teams. Dynamic pages give your team a space to work on any project or concept by allowing them to create, capture, and collaborate on it. Spaces assist your team in structuring, organizing, and sharing work so that everyone in the team has access to institutional knowledge and the information they need to execute their best work. 
 
Description 
The Atlassian Confluence Server pre-authorization arbitrary file read vulnerability allows an unauthenticated remote attacker to read restricted resources (files on the Confluence server) by sending specially crafted URLs to the /s/ endpoint of an affected instance. Because no authentication is required, any instance whose /s/ endpoint is reachable by the attacker is exposed.
 
At Qualys Labs we reproduced the issue successfully on Atlassian Confluence Server version 7.12.0.
 
[Four screenshots of the Qualys Labs reproduction of CVE-2021-26085 on Confluence Server 7.12.0. Image Source: Qualys]
 
Affected versions 

  • Atlassian Confluence Server versions before 7.4.10 
  • Atlassian Confluence Server versions 7.5.0 to 7.12.2 

Mitigation  
Atlassian has released updates addressing the vulnerability. Customers are advised to upgrade to a version outside the affected ranges: 7.4.10 or later on the 7.4.x line, or 7.12.3 or later otherwise. Since the flaw is exploitable before authentication, instances reachable from the internet should be upgraded first. For more information related to this vulnerability, please refer to CONFSERVER-67893.
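The following Python script is an example added here, not code from Qualys or Atlassian. It turns the two affected ranges listed above into a version-triage check that can be run over a Confluence Server inventory and reports the first unaffected version each vulnerable host should move to. It assumes that 7.4.10 and 7.12.3 are the first unaffected versions on their respective release lines (the boundaries of the ranges above); the hostnames and versions in the sample inventory are constructed.

```python
"""Version triage for CVE-2021-26085 (Confluence Server pre-auth file read).

Added example, not Qualys or Atlassian code. The affected ranges are the two
ranges listed in the advisory text; the fix versions 7.4.10 and 7.12.3 are
assumed to be the first versions outside those ranges. The inventory below is
constructed sample data.
"""
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# (lower bound inclusive, upper bound exclusive); None means no lower bound.
AFFECTED_RANGES: List[Tuple[Optional[Version], Version]] = [
    (None, (7, 4, 10)),        # all versions before 7.4.10
    ((7, 5, 0), (7, 12, 3)),   # 7.5.0 through 7.12.2 inclusive
]

# Accepts '7.12.0', 'v7.4' (patch defaults to 0) and suffixed builds like '7.13.0-RC1'.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+.][\w.]*)?\s*$")


def parse_version(text: str) -> Version:
    """Turn a Confluence version string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Confluence version string: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_vulnerable(version_text: str) -> bool:
    """True if the version falls inside either affected range."""
    v = parse_version(version_text)
    return any((lo is None or v >= lo) and v < hi for lo, hi in AFFECTED_RANGES)


def recommended_fix(version_text: str) -> Optional[str]:
    """First unaffected version reachable from the host's line, or None if not vulnerable."""
    v = parse_version(version_text)
    if not is_vulnerable(version_text):
        return None
    # Anything below 7.5.0 can take the 7.4.10 backport; 7.5.0+ needs 7.12.3.
    return "7.4.10" if v < (7, 5, 0) else "7.12.3"


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, version, fix) for every vulnerable host; unparsable entries are skipped."""
    findings = []
    for host, version in inventory:
        try:
            fix = recommended_fix(version)
        except ValueError:
            continue  # in practice, log this host as 'needs manual review'
        if fix:
            findings.append((host, version, fix))
    return findings


# Constructed sample inventory (hostnames and versions are made up for the example).
SAMPLE_INVENTORY = [
    ("wiki-prod-01", "7.12.0"),     # the version Qualys Labs reproduced the issue on
    ("wiki-prod-02", "7.12.3"),
    ("wiki-lts-01", "7.4.9"),
    ("wiki-lts-02", "7.4.11"),      # outside both ranges: not before 7.4.10, not 7.5.0+
    ("wiki-legacy", "6.15.10"),
    ("wiki-staging", "7.13.0-RC1"),
    ("wiki-unknown", "n/a"),        # unparsable, skipped by triage()
]

if __name__ == "__main__":
    for host, version, fix in triage(SAMPLE_INVENTORY):
        print(f"{host:14} {version:10} vulnerable -> upgrade to {fix}")
```

Note that 7.4.11 is treated as unaffected even though it is numerically below 7.5.0: the advisory's first range stops at 7.4.10, so later 7.4.x releases carry the fix. Unparsable version strings are deliberately not reported as safe.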
 
Qualys Detection  
Qualys customers can scan their devices with QID 730184 to detect vulnerable assets.  
  
Please continue to follow Qualys Threat Protection for more coverage on the latest vulnerabilities.  
  
References 
https://www.exploit-db.com/exploits/50377  
https://nvd.nist.gov/vuln/detail/CVE-2021-26085  
https://jira.atlassian.com/browse/CONFSERVER-67893  
https://twitter.com/wugeej/status/1445592205981192203?s=20  
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26085  
https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html  
