A pre-authenticated RCE vulnerability in Atlassian Confluence
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
- Atlassian Confluence Server
- Atlassian Confluence Data Center
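- Versions > 1.3.0 (< 7.4.17, < 7.13.7, < 7.14.3, < 7.15.2, < 7.16.4, < 7.17.4, < 7.18.1). Note: each bound is the fixed version of its own release line, not one combined range. All versions below 7.4.17 are vulnerable, and a version such as 7.13.6 is also vulnerable even though its number is higher than 7.4.17, because the 7.13.x line is only fixed in 7.13.7.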
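
The per-line comparison from the version note, as an added example (not Atlassian's code): a Python check that compares a version only against the fixed release of its own release line. Treating release lines with no listed fix (for example 7.12.x) as affected is an assumption, and the host names and inventory are constructed sample data.

```python
# Fixed release per release line, copied from the version list above.
FIXED = {(7, 4): 17, (7, 13): 7, (7, 14): 3, (7, 15): 2,
         (7, 16): 4, (7, 17): 4, (7, 18): 1}
NEWEST_FIXED = (7, 18, 1)   # highest fixed release in the list
LOWER_BOUND = (1, 3, 0)     # the list says affected versions are > 1.3.0


def parse_version(text):
    """Turn '7.13.6' or '7.4' into a (major, minor, patch) tuple."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))


def is_affected(text):
    """True if the version falls inside the affected range listed above."""
    version = parse_version(text)
    if version <= LOWER_BOUND or version >= NEWEST_FIXED:
        return False
    line = version[:2]
    if line in FIXED:
        # Compare only against the fix for this release line.
        return version[2] < FIXED[line]
    # Assumption: a line with no listed fix (e.g. 7.12.x) has no patched
    # release, so it is reported as affected.
    return True


def affected_hosts(inventory):
    """Return the sorted host names whose reported version is affected."""
    return sorted(h for h, v in inventory.items() if is_affected(v))


# Constructed inventory: host names and versions are sample data.
SAMPLE_INVENTORY = {
    "wiki-a.example.internal": "7.13.6",   # higher than 7.4.17, still affected
    "wiki-b.example.internal": "7.4.17",   # fixed on the 7.4 line
    "wiki-c.example.internal": "7.12.5",   # line without a listed fix
    "wiki-d.example.internal": "7.18.1",   # fixed
}

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is in the affected range")
```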