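I. Basic information for vulnerability CVE-2021-26084
Vulnerability title
N/A
Source: AIGC Shenlong large model
Vulnerability description
In affected versions of Confluence Server and Data Center, there is an OGNL injection vulnerability that allows an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
Source: AIGC Shenlong large model
CVSS information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: AIGC Shenlong large model
Vulnerability category
N/A
Source: AIGC Shenlong large model
Vulnerability title
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description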
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
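Source: U.S. National Vulnerability Database (NVD)
CVSS information
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability category
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability title
Atlassian Confluence Server injection vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
Atlassian Confluence Server is the server edition of a collaboration product from the Australian company Atlassian that provides enterprise knowledge management and supports building enterprise wikis. Atlassian Confluence Server and Data Center contain an injection vulnerability: an authenticated user can execute arbitrary code on a Confluence Server or Data Center instance. The following products and versions are affected: All 4.x.x versions, All 5.x.x versions, All 6.0.x versions, All 6.1.x ver
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability category
Injection
Source: China National Vulnerability Database of Information Security (CNNVD)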
II. Public POCs for vulnerability CVE-2021-26084
# POC description Source link Shenlong link
1 CVE-2021-26084 - Confluence Pre-Auth RCE | OGNL injection https://github.com/crowsec-edtech/CVE-2021-26084 POC details
2 None https://github.com/alt3kx/CVE-2021-26084_PoC POC details
3 None https://github.com/dinhbaouit/CVE-2021-26084 POC details
4 CVE-2021-26084 Remote Code Execution on Confluence Servers, reference: https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md https://github.com/JKme/CVE-2021-26084 POC details
5 Confluence Server Webwork OGNL injection https://github.com/h3v0x/CVE-2021-26084_Confluence POC details
6 Atlassian Confluence Pre-Auth RCE https://github.com/Udyz/CVE-2021-26084 POC details
7 CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection (with echoed output) https://github.com/prettyrecon/CVE-2021-26084_Confluence POC details
8 CVE-2021-26084 Remote Code Execution on Confluence Servers https://github.com/0xf4n9x/CVE-2021-26084 POC details
9 Remote Code Execution on Confluence Servers : CVE-2021-26084 https://github.com/Vulnmachines/Confluence_CVE-2021-26084 POC details
10 CVE-2021-26084 Remote Code Execution on Confluence Servers https://github.com/Osyanina/westone-CVE-2021-26084-scanner POC details
11 Batch detection https://github.com/b1gw00d/CVE-2021-26084 POC details
12 CVE-2021-26084 - Confluence Server Webwork OGNL injection (Pre-Auth RCE) https://github.com/taythebot/CVE-2021-26084 POC details
13 PoC of CVE-2021-26084 written in Golang based on https://twitter.com/jas502n/status/1433044110277890057?s=20 https://github.com/bcdannyboy/CVE-2021-26084_GoPOC POC details
14 Just run command without brain https://github.com/smallpiggy/cve-2021-26084-confluence POC details
15 This is exploit https://github.com/maskerTUI/CVE-2021-26084 POC details
16 This nuclei template is to verify the vulnerability without executing any commands to the target machine https://github.com/BeRserKerSec/CVE-2021-26084-Nuclei-template POC details
17 CVE-2021-26084 https://github.com/p0nymc1/CVE-2021-26084 POC details
18 CVE-2021-26084 Confluence OGNL injection https://github.com/Loneyers/CVE-2021-26084 POC details
19 cve-2021-26084 EXP https://github.com/Xc1Ym/cve_2021_26084 POC details
20 Setting up POC for CVE-2021-26084 https://github.com/wolf1892/confluence-rce-poc POC details
21 Confluence server webwork OGNL injection https://github.com/smadi0x86/CVE-2021-26084 POC details
22 asjhdsajdlksavksapfoka https://github.com/kkin77/CVE-2021-26084-Confluence-OGNL POC details
23 Atlassian Confluence CVE-2021-26084 one-liner mass checker https://github.com/1ZRR4H/CVE-2021-26084 POC details
24 A quick and dirty PoC of cve-2021-26084 as none of the existing ones worked for me. https://github.com/GlennPegden2/cve-2021-26084-confluence POC details
25 Patched Confluence 7.12.2 (CVE-2021-26084) https://github.com/toowoxx/docker-confluence-patched POC details
26 CVE-2021-26084 patch as provided in "Confluence Security Advisory - 2021-08-25" https://github.com/nizar0x1f/CVE-2021-26084-patch- POC details
27 Confluence OGNL injection https://github.com/dorkerdevil/CVE-2021-26084 POC details
28 [CVE-2021-26084] Confluence pre-auth RCE test script https://github.com/ludy-dev/CVE-2021-26084_PoC POC details
29 None https://github.com/wdjcy/CVE-2021-26084 POC details
30 CVE-2021-26084 - Confluence Server Webwork OGNL injection https://github.com/orangmuda/CVE-2021-26084 POC details
31 Exploit CVE 2021 26084 Confluence https://github.com/TheclaMcentire/CVE-2021-26084_Confluence POC details
32 Confluence remote code execution (RCE) / Code By: Jun_sheng https://github.com/Jun-5heng/CVE-2021-26084 POC details
33 CVE-2021-26084, Atlassian Confluence OGNL injection vulnerability https://github.com/lleavesl/CVE-2021-26084 POC details
34 Python 3 script to identify CVE-2021-26084 via network requests. https://github.com/quesodipesto/conflucheck POC details
35 OGNL Injection in Confluence server version < 7.12.5 https://github.com/30579096/Confluence-CVE-2021-26084 POC details
36 POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL(Object-Graph Navigation Language) Pre-Auth RCE Injection Vulnerability. https://github.com/antx-code/CVE-2021-26084 POC details
37 None https://github.com/vpxuser/CVE-2021-26084-EXP POC details
38 Confluence Server Webwork OGNL injection https://github.com/hev0x/CVE-2021-26084_Confluence POC details
39 Python3 RCE PoC for CVE-2021-26084 https://github.com/Marshall-Hallenbeck/CVE-2021-26084_Confluence_RCE POC details
40 None https://github.com/nahcusira/CVE-2021-26084 POC details
41 Atlassian Confluence Pre-Auth RCE https://github.com/CrackerCat/CVE-2021-26084 POC details
42 POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL(Object-Graph Navigation Language) Pre-Auth RCE Injection Vulnerability. https://github.com/ZZ-SOCMAP/CVE-2021-26084 POC details
43 Confluence OGNL injection https://github.com/attacker-codeninja/CVE-2021-26084 POC details
44 Confluence Server and Data Center contain an OGNL injection vulnerability that could allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if 'Allow people to sign up to create their account' is enabled. To check whether this is enabled go to COG > User Management > User Signup Options. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-26084.yaml POC details
45 None https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Atlassian%20Confluence%20doenterpagevariables.action%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2021-26084.md POC details
46 None https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Atlassian%20Confluence%20OGNL%E8%A1%A8%E8%BE%BE%E5%BC%8F%E6%B3%A8%E5%85%A5%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2021-26084.md POC details
47 https://github.com/vulhub/vulhub/blob/master/confluence/CVE-2021-26084/README.md POC details
III. Intelligence on vulnerability CVE-2021-26084