Atlassian.Server.S.Endpoint.Information.Disclosure

Description

This indicates an attack attempt to exploit an Information Disclosure vulnerability in Atlassian Confluence Server or Atlassian Jira Server.
The vulnerability is due to improper validation of requests to the /s/ endpoint. A remote, unauthenticated attacker can exploit it by sending crafted requests to the target server. Successful exploitation could result in the disclosure of local files from the server.
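As an added example (not part of this FortiGuard page and not the logic of the IPS signature it describes), the following Python scans web-server access logs for requests to the /s/ endpoint that look like the path traversal described above. The log lines are constructed samples, and the heuristics are my own: a dot-dot sequence after URL-decoding, a WEB-INF target, and a ';' path-parameter segment (a generic servlet path-normalization trick that this page does not mention).

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [04/Nov/2021:10:01:02 +0000] "GET /s/1234/_/download/resources/logo.png HTTP/1.1" 200 512
203.0.113.9 - - [04/Nov/2021:10:01:05 +0000] "GET /s/abc/_/;/WEB-INF/web.xml HTTP/1.1" 200 4096
203.0.113.9 - - [04/Nov/2021:10:01:07 +0000] "GET /s/abc/_/..%2f..%2fWEB-INF/web.xml HTTP/1.1" 404 0
203.0.113.9 - - [04/Nov/2021:10:01:09 +0000] "GET /s/x/_/%252e%252e/WEB-INF/web.xml HTTP/1.1" 200 4096
198.51.100.2 - - [04/Nov/2021:10:02:00 +0000] "GET /login.action HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def normalize_path(raw):
    """Drop the query string and URL-decode twice so that %2e%2e and the
    double-encoded %252e%252e both collapse to '..' before inspection."""
    path = raw.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    return path


def classify_path(raw):
    """Return None for requests outside /s/, otherwise the list of reasons
    the request looks like traversal (an empty list is a benign /s/ request)."""
    path = normalize_path(raw)
    if not path.startswith("/s/"):
        return None
    reasons = []
    if ".." in path:
        reasons.append("dot-dot traversal")
    if "web-inf" in path.lower():
        reasons.append("WEB-INF target")
    # Assumption: a ';' directly beside a '/' marks a servlet path-parameter
    # segment, which some containers strip during normalization. A normal
    # ;jsessionid=... suffix sits inside a segment and does not match.
    if "/;" in path or ";/" in path:
        reasons.append("path-parameter segment")
    return reasons


def scan_log(lines):
    """Parse each access-log line and return the suspicious /s/ requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        reasons = classify_path(m.group("path"))
        if reasons:
            hits.append({
                "ip": m.group("ip"),
                "path": m.group("path"),
                "status": int(m.group("status")),
                "reasons": reasons,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG.splitlines()):
        print(f'{hit["ip"]} {hit["status"]} {hit["path"]}  <- {", ".join(hit["reasons"])}')
```

A hit with status 200 on a WEB-INF path means the server actually served the file, so those entries deserve triage before the 404s; the 404s still identify the scanning source.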

Outbreak Alert

According to FortiGuard Labs researchers, both vulnerabilities can lead to information disclosure. CVE-2021-26085 in Atlassian Confluence Server allows remote attackers to view restricted resources via a pre-authorization arbitrary file read in the /s/ endpoint. CVE-2021-26086 in Atlassian Jira Server and Data Center allows remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint.


Affected Products

Atlassian Confluence Server 7.5.0 through 7.12.3
Atlassian Confluence Server prior to 7.4.10
Atlassian Jira Server prior to 8.4.14
Atlassian Jira Server 8.6.0 to 8.13.5
Atlassian Jira Server 8.14.0 to 8.16.0
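The ranges above are easy to misread when version strings are compared by hand (lexically, "7.10.0" sorts before "7.5.0"). As an added example, not from this page or from Atlassian, the following Python encodes the ranges listed here and checks a deployed version against them numerically. It assumes "through" and "to" bounds are inclusive and "prior to" bounds are exclusive, accepts only dotted numeric versions, and knows only the ranges on this page, so a version outside all of them (for instance Jira 8.5.x) is reported as not listed rather than proven safe.

```python
import re

# Affected ranges exactly as listed on this page (assumption: "through"/"to"
# are inclusive upper bounds, "prior to" is exclusive). Anything outside
# every range is "not listed here", which is not the same as unaffected.
AFFECTED_RANGES = {
    "confluence": [
        (None, "7.4.10", False),     # prior to 7.4.10
        ("7.5.0", "7.12.3", True),   # 7.5.0 through 7.12.3
    ],
    "jira": [
        (None, "8.4.14", False),     # prior to 8.4.14
        ("8.6.0", "8.13.5", True),   # 8.6.0 to 8.13.5
        ("8.14.0", "8.16.0", True),  # 8.14.0 to 8.16.0
    ],
}

VERSION_RE = re.compile(r"\d+(\.\d+){1,3}")


def parse_version(text):
    """Turn '7.12.3' into a 4-tuple of ints so comparison is numeric rather
    than lexical; suffixes such as '-SNAPSHOT' are rejected, not guessed."""
    text = text.strip()
    if not VERSION_RE.fullmatch(text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected(product, version):
    """True if `version` of `product` falls inside one of the listed ranges."""
    ver = parse_version(version)
    for low, high, high_inclusive in AFFECTED_RANGES[product.lower()]:
        if low is not None and ver < parse_version(low):
            continue  # below the range's lower bound
        top = parse_version(high)
        if ver < top or (high_inclusive and ver == top):
            return True
    return False


if __name__ == "__main__":
    # Constructed inventory of instances to check; not real hosts.
    inventory = [("confluence", "7.4.9"), ("confluence", "7.10.0"),
                 ("confluence", "7.13.0"), ("jira", "8.5.0"), ("jira", "8.16.0")]
    for product, version in inventory:
        state = "LISTED AS AFFECTED" if is_affected(product, version) else "not listed"
        print(f"{product:<10} {version:<8} {state}")
```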

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://jira.atlassian.com/browse/CONFSERVER-67893
https://jira.atlassian.com/browse/JRASERVER-72695

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date         Version   Detail
2022-12-14   22.457    Name changed: Atlassian.Confluence.Server.S.Endpoint.Information.Disclosure -> Atlassian.Server.S.Endpoint.Information.Disclosure
2021-12-06   19.208    Default_action changed: pass -> drop
2021-11-04   18.191