漏洞描述
Atlassian 官方发布了Confluence Server Webwork OGNL注入漏洞(CVE-2021-26084)的安全公告,远程攻击者在经过身份验证或在特定环境下未经身份验证的情况下,可构造OGNL表达式进行注入,实现在Confluence Server或Data Center上执行任意代码,CVSS评分为9.8。
Atlassian Confluence 远程代码执行漏洞(CVE-2021-26084)
PoC代码
暂无相关漏洞推荐
- Atlassian Confluence /json/setup-restore.action 文件上传漏洞(CVE-2023-22518)
- POC CVE-2015-8399: Atlassian Confluence <5.8.17 - Information Disclosure
- POC CVE-2019-3396: Atlassian Confluence Server - Path Traversal
- POC CVE-2019-3398: Atlassian Confluence Download Attachments - Remote Code Execution
- POC CVE-2021-26085: Atlassian Confluence Server - Local File Inclusion
- POC CVE-2023-22515: Atlassian Confluence - Privilege Escalation
- POC CVE-2023-22518: Atlassian Confluence Server - Improper Authorization
- POC CVE-2023-22527: Atlassian Confluence - Remote Code Execution
- POC CVE-2024-21683: Atlassian Confluence Data Center and Server - Remote Code Execution
- POC CVE-2015-8399: Atlassian Confluence configuration files read
- POC CVE-2022-26134: Atlassian Confluence OGNL注入漏洞
- POC CVE-2023-22515: Atlassian Confluence - Privilege Escalation
- POC CVE-2023-22518: Atlassian Confluence Server - Improper Authorization