Unauthenticated OGNL injection in Confluence Server and Data Center
Description
CVE-2021-26084 is a critical OGNL (Object-Graph Navigation Language) injection vulnerability in Atlassian Confluence Server and Data Center. This flaw allows remote attackers to execute arbitrary code without authentication by exploiting improper input validation in the Webwork framework. The vulnerability affects multiple version ranges: all versions before 6.13.23, versions 6.14.0 through 7.4.10, versions 7.5.0 through 7.11.5, and versions 7.12.0 through 7.12.4.
Remediation
Immediately upgrade your Confluence Server or Data Center installation to a patched version. Follow these steps:
1. Identify your current version: Navigate to the Confluence Administration console and check your version number.
2. Upgrade to the appropriate fixed version based on your current release:
- If running version 6.13.x or earlier: upgrade to 6.13.23 or later
- If running version 6.14.x to 7.4.x: upgrade to 7.4.11 or later
- If running version 7.5.x to 7.11.x: upgrade to 7.11.6 or later
- If running version 7.12.x: upgrade to 7.12.5 or later
- Alternatively, upgrade to version 7.13.0 or later
3. Apply the upgrade: Follow Atlassian's official upgrade documentation for your specific version path.
4. Verify the upgrade: Confirm the new version is running and review system logs for any suspicious activity that may have occurred prior to patching.
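To make step 2 less error-prone when you have many instances to triage, the following Python script (an added example written for this page, not an Atlassian tool) maps a Confluence version string read from the Administration console to the affected ranges and fixed versions listed above. It assumes standard three-part version numbers (a trailing suffix such as "-SNAPSHOT" is ignored) and that any version not inside one of the four listed ranges, including 7.13.0 and later, is unaffected.

```python
import re
import sys
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges and the first fixed release for each branch, as given in the
# advisory. Each entry is (lowest affected, highest affected, first fixed).
# "All versions before 6.13.23" is expressed with an open lower bound.
AFFECTED_RANGES = [
    ((0, 0, 0),   (6, 13, 22), (6, 13, 23)),
    ((6, 14, 0),  (7, 4, 10),  (7, 4, 11)),
    ((7, 5, 0),   (7, 11, 5),  (7, 11, 6)),
    ((7, 12, 0),  (7, 12, 4),  (7, 12, 5)),
]

# Any version outside every range is treated as unaffected; 7.13.0 or later is
# also an acceptable upgrade target for all branches.
GENERAL_FIXED_VERSION = (7, 13, 0)


def parse_version(text: str) -> Version:
    """Turn '7.12.4', 'v7.12', or '7.4.10-build' into a comparable tuple."""
    match = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not match:
        raise ValueError(f"unrecognised Confluence version string: {text!r}")
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def format_version(version: Version) -> str:
    return ".".join(str(part) for part in version)


def assess(version_text: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, first fixed version in the same branch or None)."""
    version = parse_version(version_text)
    for low, high, fixed in AFFECTED_RANGES:
        # Tuple comparison is lexicographic, so (7, 4, 10) < (7, 4, 11) etc.
        if low <= version <= high:
            return True, format_version(fixed)
    return False, None


def report(version_text: str) -> str:
    """Human-readable verdict for one instance."""
    affected, fixed = assess(version_text)
    if not affected:
        return f"{version_text}: not in an affected range for CVE-2021-26084"
    return (f"{version_text}: AFFECTED by CVE-2021-26084; upgrade to {fixed} "
            f"or later, or to {format_version(GENERAL_FIXED_VERSION)} or later")


if __name__ == "__main__":
    # Constructed sample inventory used when no versions are passed on the
    # command line; replace with the values read from each Administration console.
    inventory = sys.argv[1:] or ["5.9.1", "6.13.22", "6.13.23", "7.4.10",
                                 "7.4.11", "7.11.5", "7.12.4", "7.13.0"]
    for entry in inventory:
        print(report(entry))
```

Run it with one or more version strings as arguments (for example `python check_confluence.py 7.12.4 7.13.1`); with no arguments it evaluates a constructed sample inventory. Because the version is compared as a tuple rather than a string, boundaries such as 7.4.10 (affected) versus 7.4.11 (fixed) are handled correctly, which a naive string comparison would get wrong.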
Temporary mitigation: If immediate patching is not possible, consider restricting network access to the Confluence instance to trusted IP addresses only until the upgrade can be completed. However, this is not a substitute for patching.