Atlassian Confluence Server OGNL injection

Added: 06/06/2022

Background

Atlassian Confluence is a collaboration and knowledge management application.

Problem

Atlassian Confluence has an OGNL injection vulnerability that could allow an unauthenticated user to execute arbitrary code on a Confluence Server.

Resolution

Upgrade to Confluence version 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4, 7.18.1, or higher.
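The following is an added example, not part of the original advisory or Atlassian's tooling: a check that compares installed Confluence versions against the fixed releases listed above. It assumes "or higher" means a later patch within a listed release line or any release line after 7.18, and treats release lines not listed (for example 7.5.x) as unfixed; the host names in the inventory are constructed.

```python
# Fixed releases copied from the Resolution section of this advisory.
FIXED = ["7.4.17", "7.13.7", "7.14.3", "7.15.2", "7.16.4", "7.17.4", "7.18.1"]


def parse(version):
    """Turn '7.13.7' into (7, 13, 7); reject anything that is not three integers."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


# Map each release line, e.g. (7, 13), to its first fixed version, e.g. (7, 13, 7).
FIXED_BY_LINE = {parse(v)[:2]: parse(v) for v in FIXED}
NEWEST_LINE = max(FIXED_BY_LINE)


def is_fixed(version):
    """True if the version is at or above the fixed release for its line."""
    v = parse(version)
    line = v[:2]
    if line in FIXED_BY_LINE:
        return v >= FIXED_BY_LINE[line]
    # Assumption: lines newer than the newest listed one carry the fix;
    # any other unlisted line (7.5.x, 6.x, ...) is treated as unfixed.
    return line > NEWEST_LINE


def triage(inventory):
    """Return the hosts whose Confluence version still needs upgrading."""
    return sorted(host for host, ver in inventory.items() if not is_fixed(ver))


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = {
        "wiki-a.example": "7.4.16",
        "wiki-b.example": "7.13.7",
        "wiki-c.example": "7.18.0",
        "wiki-d.example": "7.19.2",
    }
    for host in triage(sample):
        print(f"{host}: upgrade required ({sample[host]})")
```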

References

https://jira.atlassian.com/browse/CONFSERVER-79016
