Atlassian.Server.S.Endpoint.Information.Disclosure
Description
This indicates an attack attempt to exploit an Information Disclosure Vulnerability in Atlassian Confluence Server or in Atlassian Jira Server.
This vulnerability is due to improper validation of the resource paths requested through the /s/ endpoints. A remote, unauthenticated attacker can exploit it by sending crafted requests to the target server. Successful exploitation could result in the disclosure of local files.
Outbreak Alert
According to FortiGuard Labs researchers, both vulnerabilities can lead to information disclosure. CVE-2021-26085, affecting Atlassian Confluence Server, allows remote attackers to view restricted resources through a pre-authentication arbitrary file read in the /s/ endpoint. CVE-2021-26086, affecting Atlassian Jira Server and Data Center, allows remote attackers to read particular files through a path traversal vulnerability reaching the /WEB-INF/web.xml endpoint.
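As an added example (not part of the FortiGuard entry or of Atlassian's own code), the following Python scans web-server access log lines for requests to the /s/ static-resource endpoint whose decoded and normalized path reaches a WEB-INF directory, which is the file-read pattern both advisories describe. The log format, the sample lines and the helper names are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Combined-log style access line; this format is an assumption for the example.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})')

# Constructed sample lines (203.0.113.0/24 is a documentation range, not real traffic).
LOG_LINES = """\
203.0.113.5 - - [10/Aug/2021:12:00:01 +0000] "GET /s/d41d8cd98f00b204e9800998ecf8427e/_/images/icons/favicon.png HTTP/1.1" 200 1234
203.0.113.7 - - [10/Aug/2021:12:00:02 +0000] "GET /s/1234/_/WEB-INF/web.xml HTTP/1.1" 200 4096
203.0.113.9 - - [10/Aug/2021:12:00:03 +0000] "GET /s/1234/_/..%2F..%2FWEB-INF%2Fweb.xml HTTP/1.1" 200 4096
203.0.113.11 - - [10/Aug/2021:12:00:04 +0000] "GET /login.jsp HTTP/1.1" 200 500
""".splitlines()

def resolve_dots(path: str) -> str:
    """Collapse '.' and '..' segments so a traversal sequence shows its real target."""
    out = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
            continue
        out.append(seg)
    return "/" + "/".join(out)

def is_suspicious(raw_path: str) -> bool:
    """True when a request to the /s/ endpoint, after decoding and normalization, reaches
    WEB-INF. Legitimate /s/ requests only fetch bundled static assets, so this is rare."""
    decoded = unquote(unquote(raw_path.split("?", 1)[0]))  # twice: catch double encoding
    if "/s/" not in decoded:
        return False
    return any(seg.upper() == "WEB-INF" for seg in resolve_dots(decoded).split("/"))

def scan_log(lines):
    """Return (client_ip, request_path, status) for each matching line; a 200 status
    on such a request suggests the file was actually served, not merely requested."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_suspicious(m["path"]):
            hits.append((m["ip"], m["path"], int(m["status"])))
    return hits

if __name__ == "__main__":
    for ip, path, status in scan_log(LOG_LINES):
        print(f"{ip} requested {path} -> HTTP {status}")
```

A hit with a 200 status on an unpatched version listed below should be treated as a likely disclosure and handled as an incident, not just a blocked probe.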
Affected Products
Atlassian Confluence Server prior to 7.4.10
Atlassian Confluence Server 7.5.0 through 7.12.3
Atlassian Jira Server prior to 8.4.14
Atlassian Jira Server 8.6.0 through 8.13.5
Atlassian Jira Server 8.14.0 through 8.16.0
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://jira.atlassian.com/browse/CONFSERVER-67893
https://jira.atlassian.com/browse/JRASERVER-72695