This write-up provides an overview of CVE-2021-26084, a Confluence Server Webwork OGNL injection vulnerability that would allow an authenticated user to execute arbitrary code on a Confluence Server or Data Center instance.
Confluence Server / Data Center uses the Webwork 2 MVC framework to process web requests, and the view layer consists primarily of Velocity templates. A double evaluation occurs when a Velocity template uses a Webwork tag whose value attribute contains a $. The first evaluation happens when the Velocity template is parsed; the evaluated value is then passed to the Webwork tag, which evaluates it again as an OGNL expression. If the action class exposes a setter function for the parameter used in the value attribute, that parameter can be set from the URL by using URL params. So by crafting a URL with an OGNL payload, an attacker can perform remote code execution on the affected versions of Confluence Server / Data Center.
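The pattern described above can be audited for in template source. The following is an added example, not code from Atlassian or from the original write-up: it flags Webwork tags whose value attribute carries a Velocity reference and narrows the result to variables that have a setter on the action class. The `#tag ("Name" "attr=...")` directive form, the sample template and the setter list are assumptions constructed for illustration.

```python
import re

# Assumption: Webwork tags are written in Velocity templates as
#   #tag ("Hidden" "name='x'" "value='$!x'")
# The write-up does not show the directive syntax.
TAG_RE = re.compile(r'#tag\s*\(\s*"(?P<tag>\w+)"(?P<rest>.*)')
ARG_RE = re.compile(r'"(?P<key>\w+)=(?P<val>[^"]*)"')
VAR_RE = re.compile(r'\$!?\{?([A-Za-z_]\w*)')  # $x, $!x, ${x}, $!{x}


def find_double_evaluated_values(template_text):
    """Return (line_no, tag, variable) for every Webwork tag whose value
    attribute contains a Velocity reference (evaluated once by Velocity,
    then again by the tag as OGNL)."""
    findings = []
    for line_no, line in enumerate(template_text.splitlines(), start=1):
        tag = TAG_RE.search(line)  # first tag on the line only
        if not tag:
            continue
        for arg in ARG_RE.finditer(tag.group("rest")):
            if arg.group("key").lower() != "value":
                continue
            for var in VAR_RE.finditer(arg.group("val")):
                findings.append((line_no, tag.group("tag"), var.group(1)))
    return findings


def settable_from_request(findings, action_setters):
    """Keep only findings whose variable the action class exposes a setter
    for, i.e. the ones a URL parameter can populate."""
    return [f for f in findings if f[2] in action_setters]


# Constructed sample template, not taken from Confluence.
SAMPLE_TEMPLATE = '''\
<form method="post">
#tag ("Hidden" "name='searchTerm'" "value='$!searchTerm'")
#tag ("Hidden" "name='pageId'" "value=pageId")
#tag ("TextField" "name='title'" "value='$title'" "theme='simple'")
#tag ("Submit" "name='go'" "value='Go'")
</form>
'''
SAMPLE_SETTERS = {"searchTerm"}  # constructed: properties with a public setter

if __name__ == "__main__":
    hits = find_double_evaluated_values(SAMPLE_TEMPLATE)
    for line_no, tag, var in settable_from_request(hits, SAMPLE_SETTERS):
        print(f"line {line_no}: {tag} value uses ${var}, settable from the request")
```

Tags that pass a bare property name (`value=pageId`) or a literal (`value='Go'`) are not flagged, because Velocity substitutes nothing into them before the tag evaluates the attribute.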