CVE-2021-26085

受影响版本的Atlassian Confluence Server允许远程攻击者通过/s/端点的“预授权任意文件读取”漏洞查看受限资源。受影响的版本为7.4.10之前和7.5.0之前的版本。
可以查看我们服务器端任意文件

此漏洞的严重性以及官方是否有补漏方法

2 answers

1 vote

A fix for this issue is available to Server and Data Center customers in Confluence 7.4.10
Upgrade now or check out the Release Notes to see what other issues are resolved.

https://jira.atlassian.com/browse/CONFSERVER-67893

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

我这边不方便进行升级，有没有什么缓解办法？

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

0 votes

看起来这里唯一的选择是升级 Confluence，但我建议向 Atlassian Support 提出支持请求，以确认并了解是否还有其他解决方法。

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Suggest an answer

Was this helpful?

Thanks!

Confluence

DEPLOYMENT TYPE

CLOUD

Forums

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

CVE-2021-26085

2 answers

Suggest an answer

Was this helpful?

Thanks!

DEPLOYMENT TYPE

TAGS

Atlassian Community Events