Atlassian Confluence Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-26072)

Description

The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side Request Forgery (SSRF) vulnerability.

Remediation

References

CVE-2021-26072

Related Vulnerabilities

Jboss EAP Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-1000180)

WordPress Plugin WooCommerce BuddyPress Integration Unspecified Vulnerability (3.2.6.1)

Vanilla Forums Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2018-15833)

MySQL CVE-2021-2169 Vulnerability (CVE-2021-2169)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43720)

Severity

Medium

Classification

CVE-2021-26072 CWE-918 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N