virus logo Intrusion Prevention

Atlassian.Server.S.Endpoint.Information.Disclosure

description-logoDescription

This indicates an attack attempt to exploit an Information Disclosure Vulnerability in Atlassian Confluence Server or in Atlassian Jira Server.
This vulnerability is due to improper validation of resources with /s/ endpoints. A remote, unauthenticated attacker can exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in local file disclosure.

description-logoOutbreak Alert

According to FortiGuard Labs researcher, the two vulnerabilities could eventually lead to information disclosure. The CVE-2021-26085 for Atlassian Confluence Server could allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. While, the CVE-2021-26086 for Atlassian Jira Server and Data Center could allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint.

View the full Outbreak Alert Report

This report provides an overview of ongoing Iran-linked cyber operations, highlighting activity attributed to state-aligned proxies and hacktivist groups. The vulnerabilities listed are suspected to be exploited by actors associated with Iran in real-world campaigns, consistent with observed tactics, techniques, and procedures (TTPs). Iran-linked operations continue to rely on distributed, lower-complexity techniques, including phishing, DDoS, data exfiltration, and destructive attacks. Initial access is primarily achieved through exploitation of known, unpatched vulnerabilities and exposed edge infrastructure, reflecting a persistent and opportunistic threat posture targeting government, critical infrastructure, and enterprise environments.

View the full Outbreak Alert Report

affected-products-logoAffected Products

Atlassian Confluence Server 7.5.0 through 7.12.3
Atlassian Confluence Server prior to 7.4.10
Atlassian Jira Server prior to 8.4.14
Atlassian Jira Server 8.6.0 to 8.13.5
Atlassian Jira Server 8.14.0 to 8.16.0

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://jira.atlassian.com/browse/CONFSERVER-67893
https://jira.atlassian.com/browse/JRASERVER-72695

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2022-12-14 22.457
Modified
 Name:Atlassian.
Confluence.
Server.
S.
Endpoint.
Information.
Disclosure:Atlassian.
Server.
S.
Endpoint.
Information.
Disclosure
2021-12-06 19.208
Modified
 Default_action:pass:drop
2021-11-04 18.191
New
ID 50857
Created Oct 18, 2021
Updated Dec 13, 2022
CVE ID
Tags Atlassian Information Disclosure Iran-linked Cyber Attacks
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Known Exploited Yes
Exploit Prediction Score 94.19%
Default Action drop
Active
Affected OS Windows, Linux
Affected App Other
Profile Type Information Disclosure