• Language chooser
    • USA (English)
    • France (Français)

virus logo Outbreak Alert

Atlassian Confluence and JIRA Server Vulnerabilities

Released: Dec 13, 2022

Download PDF »

Atlassian Information Disclosure

Medium Severity

Confluence, JIRA Platform

Atlassian Vendor

Vulnerability Type

Subscribe

High target vulnerabilities leading to information disclosure.

According to FortiGuard Labs researcher, the two vulnerabilities could eventually lead to information disclosure. The CVE-2021-26085 for Atlassian Confluence Server could allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. While, the CVE-2021-26086 for Atlassian Jira Server and Data Center could allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. Learn More »

Common Vulnerabilities and Exposures

CVE-2021-26085
CVE-2021-26086

Background

Atlassian released the advisory for CVE-2021-26085 and CVE-2021-26086 respectively on July 21 and August 21, 2021. Both CVEs has a Medium severity base score of 5.3, however software/server versions should be upgraded to correct and required versions if not already been upgraded as recommended by the vendor.

Threat Radar Overall Score:
CVSS Rating 5.0
FortiRecon Score 92/100
Known Exploited Yes
Exploit Prediction Score 96.32%
FortiGuard Telemetry 65105

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


March 28, 2022: CVE-2021-26085 is added to CISA's Known Exploited Vulnerabilities Catalog.


Based on the FortiGuard telemetries, the two CVEs have been a popular target for attackers. The statistics shows considerable high amount of attack detections which sometimes reaches up to 15,000 devices per day. The detected attacks are blocked by the FortiGuard IPS signature. "Atlassian.Server.S.Endpoint.Information.Disclosure"

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT

  • IPS

  • Web App Security

  • Application Firewall

DETECT

  • Outbreak Detection

  • Threat Hunting

  • Content Update

RESPOND
RECOVER
IDENTIFY

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.


Loading ...

Indicators of compromise Indicators of compromise
IOC Indicator List
Indicator Type Status
oast.live domain Active
oast.fun domain Active
oast.site domain Active
45.77.45.106 ip Active
20.205.116.139 ip Active
45.77.45.106:58989 ip Active
http://103.233.11.14:6663/SafeDate url Active
http://124.156.132.142:6999/x86_64 url Active
http://45.77.45.106:58989/setup.sh url Active
103.233.11.14 ip Active
103.233.11.14:6663 ip Active
124.156.132.142 ip Active
124.156.132.142:6999 ip Active
38.150.12.131 ip Active