You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
Version 1
Next »
漏洞-CVE-2021-26084
影响
| 主题 | CVE-2021-26084 - Confluence Webwork OGNL注入 |
|---|
| 安全信息发布时间 | |
|---|
| 涉及产品 | Confluence Server Confluence Data Center |
|---|
| - All 4.x.x versions
- All 5.x.x versions
- All 6.0.x versions
- All 6.1.x versions
- All 6.2.x versions
- All 6.3.x versions
- All 6.4.x versions
- All 6.5.x versions
- All 6.6.x versions
- All 6.7.x versions
- All 6.8.x versions
- All 6.9.x versions
- All 6.10.x versions
- All 6.11.x versions
- All 6.12.x versions
- All 6.13.x versions before 6.13.23
- All 6.14.x versions
- All 6.15.x versions
- All 7.0.x versions
- All 7.1.x versions
- All 7.2.x versions
- All 7.3.x versions
- All 7.4.x versions before 7.4.11
- All 7.5.x versions
- All 7.6.x versions
- All 7.7.x versions
- All 7.8.x versions
- All 7.9.x versions
- All 7.10.x versions
- All 7.11.x versions before 7.11.6
- All 7.12.x versions before 7.12.5
|
|---|
| 修复版本 | - 6.13.23
- 7.4.11
- 7.11.6
- 7.12.5
- 7.13.0
|
|---|
升级到版本6.13.23、7.11.6、7.12.5、7.13.0或7.4.11的客户不受影响
解决方案
方案一
升级到安全版本
方案一(临时)
执行以下脚本,对系统中的文件进行修正来临时解决注入的风险
cve-2021-26084-update.sh
安全漏洞描述
存在OGNL注入漏洞,该漏洞允许经过身份验证的用户(在某些情况下是未经身份验证的用户)在Confluence实例上执行任意代码。
https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html