
CVE-2021-26084: Critical Atlassian Confluence Flaw Exploited in the Wild

CVE-2021-26084: Critical Atlassian Confluence Vulnerability
CVE-2021-26084 is a vulnerability in Atlassian Confluence deployments across Windows and Linux. The flaw is critical, and has been exploited to deploy web shells that run cryptocurrency miners on vulnerable systems.

According to Trend Micro’s Zero Day Initiative analysis, the issue is related to an Object-Graph Navigation Language (OGNL) injection in the Webwork module of Atlassian Confluence Server and Data Center. Remote attackers can leverage the vulnerability by sending a crafted HTTP request with a malicious parameter to a vulnerable server. This could then lead to arbitrary code execution “in the security context of the affected server.”

What Is Atlassian Confluence?

Atlassian Confluence is a collaboration platform written primarily in Java and running on a bundled Apache Tomcat application server. The platform helps users create content using spaces, pages, and blogs that other users can comment on and edit. By default, Confluence is accessible via HTTP on port 8090/TCP, Trend Micro noted.

As for the vulnerability, it resides in the Webwork module of Atlassian Confluence Server and Data Center. The issue comes from insufficient validation of user-supplied input, causing the parser to evaluate rogue commands injected within OGNL expressions.

Earlier this month, the U.S. Cyber Command issued alerts regarding the mass exploitation of CVE-2021-26084, followed by the flaw’s public disclosure in August.

To detect this attack, affected parties should monitor all HTTP requests in which the path component of the request-URI contains one of the strings in the “URI path” column of a table featured in the report.
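The check described above can be run over web server access logs. The following is an added example, not code from the report or from Atlassian: it assumes Common/Combined Log Format, and the watched strings are placeholders to be replaced with the entries from the report's “URI path” column. It matches on the path component only, after stripping path parameters, undoing percent-encoding and collapsing repeated slashes.

```python
import re
from urllib.parse import unquote

# ASSUMPTION: placeholder strings, not real Confluence endpoints. Replace them
# with the entries in the "URI path" column of the report's table.
WATCHED_PATHS = ("/placeholder/first.action", "/placeholder/second.action")

# Common/Combined Log Format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def normalize_path(request_uri):
    """Reduce a request-URI to a decoded path suitable for string matching."""
    path = re.split(r"[?#]", request_uri, maxsplit=1)[0]  # drop query/fragment
    path = re.sub(r";[^/]*", "", path)   # drop path parameters (;jsessionid=...)
    path = unquote(path)                 # undo percent-encoding (%66 -> f)
    return re.sub(r"/{2,}", "/", path)   # collapse repeated slashes

def scan(lines):
    """Return one dict per log line whose path contains a watched string."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        path = normalize_path(m["uri"])
        if any(w in path for w in WATCHED_PATHS):
            hits.append({"client": m["client"], "ts": m["ts"],
                         "method": m["method"], "path": path,
                         "status": int(m["status"])})
    return hits

# Constructed sample log lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Sep/2021:10:00:01 +0000] "GET /index.action HTTP/1.1" 200 512',
    '198.51.100.7 - - [03/Sep/2021:10:00:05 +0000] "POST /placeholder/first.action HTTP/1.1" 200 1024',
    '198.51.100.7 - - [03/Sep/2021:10:00:09 +0000] "POST /placeholder/%66irst.action?x=1 HTTP/1.1" 200 900',
    '203.0.113.5 - - [03/Sep/2021:10:01:12 +0000] "POST //placeholder/second.action;jsessionid=ABC HTTP/1.1" 302 0',
    '192.0.2.10 - - [03/Sep/2021:10:02:00 +0000] "GET /search?q=/placeholder/first.action HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The last sample line is deliberately not flagged: the watched string appears only in the query string, not in the path component.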

In July, another critical flaw in the Atlassian platform was revealed, affecting multiple versions of its Jira Data Center and Jira Service Management Data Center products. The software engineering platform is used by 180,000 customers, who were endangered by remote, unauthenticated attacks. The bug was tracked as CVE-2020-36239.

Milena Dimitrova
