Title:Atlassian Confluence Server 安全漏洞 (CVE-2021-26085) Description:Atlassian Confluence Server是澳大利亚Atlassian公司的一套具有企业知识管理功能,并支持用于构建企业WiKi的协同软件的服务器版本。 Atlassian Confluence Server 存在安全漏洞,该漏洞允许远程攻击者通过 /s/ 端点中的预授权任意文件读取漏洞查看受限资源。以下产品和版本受到影响:7.4.10 之前的版本,以及 7.12.3 之前的 7.5.0 版本。
Description
Atlassian Confluence Server allows remote attackers to view restricted resources via local file inclusion in the /s/ endpoint.
File Snapshot
id: CVE-2021-26085
info:
name: Atlassian Confluence Server - Local File Inclusion
author: princ
...
Shenlong Bot has cached this for you
Remarks
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.