Security for everyone

CVE-2021-26072 Scanner

Detects 'Server-Side-Request-Forgery (SSRF)' vulnerability in WidgetConnector plugin in Confluence Server and Confluence Data Center affects v. before 5.8.6.

SCAN NOW

Short Info

Level

High

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

15 sec

Scan only one

Url

Parent Category

CVE-2021-26072 Scanner Detail

The WidgetConnector plugin is a third-party add-on used with Confluence Server and Confluence Data Center, which is developed by Atlassian. Its purpose is to enable users to connect with internal and external web applications, making it more convenient for them to access and share information. With its functionality, users can seamlessly integrate widgets and gadgets into their Confluence pages, allowing them to collect and display information in real-time.

Recently, a security vulnerability was detected in the WidgetConnector plugin, known as CVE-2021-26072. This blind Server-Side Request Forgery (SSRF) vulnerability enabled remote attackers to manipulate the content of internal network resources. Such an attack could result in the leakage of sensitive company information, such as payroll data, confidential customer records, and other critical internal files. This vulnerability could also be used to exploit other vulnerabilities on the target system or to launch a wider attack on other networks connected to the system.

The WidgetConnector plugin vulnerability discovered in Confluence Server and Data Center could lead to serious consequences if not addressed. Among the most critical threats are data breaches, loss of valuable intellectual property, damage to a company's reputation, and legal liabilities. Cyber attackers could exploit the vulnerability to steal sensitive data, sabotage company operations, or gain illicit access to other corporate networks.

Thanks to the security foreveryone.com platform's pro features, readers of this article can easily and quickly learn about vulnerabilities in their digital assets. The platform offers a comprehensive vulnerability scanning service that can identify potential security issues in various systems, including websites and web applications, cloud servers, and IoT devices. With regular scanning and monitoring, companies can ensure that their systems are secure and safe from cyber threats.

 

REFERENCES

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture