1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability

Known Exploited Vulnerabilities CVE-2021-26085

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2021-26085 Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability primary_impact T1005 Data from Local System
Comments
This vulnerability allows viewing of restricted resources via a pre-authorization arbitrary file read vulnerability.
References
  1. https://www.exploit-db.com/exploits/50377
CVE-2021-26085 Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
This vulnerability allows viewing of restricted resources via a pre-authorization arbitrary file read vulnerability.
References
  1. https://www.exploit-db.com/exploits/50377