Summary | RCE vulnerabilities in User Profile Configuration of User Profiles for Confluence |
---|---|
Advisory Release Date | 27 October 2021 |
Product | User Profiles for Confluence |
Affected User Profiles for Confluence Versions | All versions up to version 3.3.12 |
Fixed User Profiles for Confluence Version | 3.3.13 |
...
The vulnerabilities have been rated as P1 (Critical) according to the scale published under Bugcrowd's Vulnerability Rating Taxonomy (VRT).
...
The vulnerabilities were caused by a previously discovered OGNL injection vulnerability. For more details, see the issue itself at CVE-2021-26084 or the news article "Atlassian Confluence flaw actively exploited to install cryptominers".