CVE-2021-26084 – Confluence Server Webwork OGNL injection

This write-up provides an overview of CVE-2021-26084, an OGNL injection in Confluence Server's Webwork layer that would allow an authenticated user to execute arbitrary code on a Confluence Server or Data Center instance.

Confluence Server / Data Center uses the Webwork 2 MVC framework to process web requests, and the view layer consists primarily of Velocity templates. A double evaluation is performed when a Velocity template uses a Webwork tag with a value attribute that contains $. When such a tag is encountered, an initial evaluation happens while the Velocity template is parsed; the evaluated value is then passed to the Webwork tag, which evaluates it again as an OGNL expression. If the action class exposes a setter function for the parameter used in the value attribute, that parameter can be set from the URL by using URL params. So by crafting a URL with an OGNL payload, an attacker can perform remote code execution on the affected versions of Confluence Server / Data Center.
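As an added example (not code from the original post or from Atlassian), the following audit script flags the double-evaluation pattern described above in Velocity templates so the affected tags can be reviewed. It assumes tags are written in the `#tag` / `#bodytag` directive form with double-quoted arguments on a single line; the sample template and its parameter names are constructed.

```python
import re
import sys
from pathlib import Path

# Assumed directive syntax: #tag / #bodytag ("Component" "attr='x'" ...) on one line.
DIRECTIVE = re.compile(r'#(?:body)?tag\s*\((.*)\)')
ARG = re.compile(r'"([^"]*)"')                        # each double-quoted argument
VALUE = re.compile(r'^\s*value\s*=\s*(.+)$', re.I)    # the value attribute only

# Constructed sample template; parameter names are hypothetical.
SAMPLE = '''\
<form>
#tag ("Hidden" "name='pageTitle'" "value='$!pageTitle'")
#tag ("Hidden" "name='spaceKey'" "value=spaceKey")
#tag ("TextField" "label='Title'" "name='title'" "value='$action.title'")
<p>$!pageTitle</p>
</form>
'''

def find_double_eval(template_text):
    """Return (line_number, value) for tag value attributes containing '$'.

    Velocity expands the '$' reference first; the tag then evaluates the
    expanded string as OGNL, which is the double evaluation to remove.
    """
    findings = []
    for lineno, line in enumerate(template_text.splitlines(), 1):
        for directive in DIRECTIVE.finditer(line):
            for arg in ARG.findall(directive.group(1)):
                attr = VALUE.match(arg)
                if attr and '$' in attr.group(1):
                    findings.append((lineno, attr.group(1).strip().strip("'")))
    return findings

def scan_tree(root):
    """Audit every *.vm file under root; returns {path: findings}."""
    report = {}
    for path in sorted(Path(root).rglob('*.vm')):
        hits = find_double_eval(path.read_text(encoding='utf-8', errors='replace'))
        if hits:
            report[str(path)] = hits
    return report

if __name__ == '__main__':
    if len(sys.argv) > 1:
        for path, hits in scan_tree(sys.argv[1]).items():
            for lineno, value in hits:
                print(f'{path}:{lineno}: value={value}')
    else:
        print(find_double_eval(SAMPLE))
```

A plain `$` reference outside a tag (line 5 of the sample) is evaluated only by Velocity and is not reported; a flagged tag still needs manual review to confirm the action class exposes a setter for that parameter.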

Posted by SH