Atlassian Confluence Server OGNL Remote Code Execution

Added: 09/20/2021

Background

Atlassian Confluence is a collaboration and knowledge management application.

Problem

Atlassian Confluence has an OGNL injection vulnerability that would allow an unauthenticated user to execute arbitrary code on a Confluence Server.

Resolution

Upgrade to Confluence version 6.13.23, 7.4.11, 7.11.6, 7.12.5 or higher.
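
An added example, not part of the original advisory: a Python check that flags inventory entries still below a fixed release, reading the versions above as per-branch fixes. The hostnames and sample inventory are constructed, and treating a branch with no listed fix (such as 7.5.x) as unpatched is an assumption.

```python
import re

# Fixed releases from the Resolution section, keyed by (major, minor) branch.
FIXED = {(6, 13): 23, (7, 4): 11, (7, 11): 6, (7, 12): 5}
NEWEST_FIXED_BRANCH = max(FIXED)


def parse_version(text):
    """Return (major, minor, patch) from strings like '7.4.10' or 'v7.13'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def needs_upgrade(text):
    """True when the version is below the fixed release for its branch.

    Assumption: a branch with no listed fix (for example 7.5.x) has no patched
    release, so it is reported even though 7.5.0 sorts above 7.4.11.
    """
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch in FIXED:
        return patch < FIXED[branch]
    # Branches newer than the last listed one are taken to include the fix.
    return branch < NEWEST_FIXED_BRANCH


def triage(inventory):
    """Map host -> version for every host that still needs the upgrade."""
    return {host: ver for host, ver in inventory.items() if needs_upgrade(ver)}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "wiki-a": "6.13.22",
    "wiki-b": "7.4.11",
    "wiki-c": "7.5.0",
    "wiki-d": "7.12.4",
    "wiki-e": "7.13.0",
}

if __name__ == "__main__":
    for host, ver in triage(SAMPLE).items():
        print(f"{host}: Confluence {ver} is below a fixed release")
```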

References

https://www.exploit-db.com/exploits/50243

Limitations

