CVE-2021-26084
Applies specifically to Confluence 7.5 deployed on AWS via the CloudFormation QuickStart templates, but the steps can be generalised to other Linux installations. CVE-2021-26084 is an OGNL injection in Confluence Server and Data Center that lets an attacker (in some configurations without authentication) execute arbitrary code on the Confluence host. Refer to the Atlassian documentation for full details: https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
Mitigation
Download the mitigation script (cve-2021-26084-update.sh) linked from the advisory and transfer it to /tmp on the AWS Confluence node.
Update the script so that it points at your Confluence installation directory, for example:
INSTALLATION_DIRECTORY=/opt/atlassian/confluence/current
This issue can also be addressed by upgrading to one of the following fixed versions, or a later release on the same branch. The fix is per release branch, so any other version below 7.13.0 (7.5.x to 7.10.x included) is still affected even where it is numerically newer than a fixed version; the advisory additionally lists 6.13.23 for the 6.13 LTS branch.
7.4.11
7.11.6
7.12.5
7.13.0 and above
Logged in to the AWS Confluence node (as ec2-user), run:
sudo su - root
systemctl stop confluence                 # Confluence must be stopped before the installation is modified
chmod 700 /tmp/cve-2021-26084-update.sh   # make the script executable by root only
/tmp/cve-2021-26084-update.sh             # applies the mitigation to INSTALLATION_DIRECTORY
systemctl start confluence
Once you are happy that the change is successful, remove the script from the node:
rm /tmp/cve-2021-26084-update.sh
If you need to back out after the vulnerable jar files have been deleted, terminate the AWS instance; the QuickStart deployment will bring up a replacement node without this mitigation in place.
Note that the replacement node is then vulnerable again, and that any other manual configuration changes you have applied to the node for other issues will also need to be reapplied.
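A small helper script to go with the procedure above, added here as an example; it is not Atlassian's cve-2021-26084-update.sh and not part of the QuickStart templates. It does three things: decides from a Confluence version string whether that release already contains the fix, using the fixed versions from the advisory, so you can tell whether a node needs the script or an upgrade; reads the installed version from the confluence-<version>.jar in confluence/WEB-INF/lib under the installation directory (the jar name and the default /opt/atlassian/confluence/current path are assumptions taken from this page, not verified against every release); and rewrites the INSTALLATION_DIRECTORY line in the downloaded mitigation script so the edit in the earlier step can be done without opening an editor.

```sh
#!/bin/sh
# Added example for the CVE-2021-26084 runbook: version gate plus script edit helper.
# Not Atlassian's cve-2021-26084-update.sh. Assumptions: a confluence-<version>.jar
# exists in confluence/WEB-INF/lib under the installation directory, and the default
# installation directory is /opt/atlassian/confluence/current.

# Print "fixed" if VERSION already contains the fix for CVE-2021-26084, else "affected".
# Fixed releases per the Atlassian advisory: 6.13.23 (LTS), 7.4.11, 7.11.6, 7.12.5,
# and 7.13.0 or later. Fixes are per release branch, so 7.5.x to 7.10.x stay affected
# even though they are numerically newer than 7.4.11.
cve_2021_26084_status() {
    ver=$1
    old_ifs=$IFS
    IFS=.
    set -- $ver                                   # split "7.5.1" into 7 5 1
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    major=${major%%[!0-9]*}; major=${major:-0}    # drop suffixes such as -rc1
    minor=${minor%%[!0-9]*}; minor=${minor:-0}
    patch=${patch%%[!0-9]*}; patch=${patch:-0}

    status=affected
    if [ "$major" -gt 7 ]; then
        status=fixed
    elif [ "$major" -eq 7 ]; then
        if [ "$minor" -ge 13 ]; then status=fixed
        elif [ "$minor" -eq 12 ] && [ "$patch" -ge 5 ]; then status=fixed
        elif [ "$minor" -eq 11 ] && [ "$patch" -ge 6 ]; then status=fixed
        elif [ "$minor" -eq 4 ] && [ "$patch" -ge 11 ]; then status=fixed
        fi
    elif [ "$major" -eq 6 ] && [ "$minor" -eq 13 ] && [ "$patch" -ge 23 ]; then
        status=fixed
    fi
    echo "$status"
}

# Print the version of the Confluence install under DIR, read from the
# confluence-<version>.jar file name (assumption, see header). Returns 1 if not found.
installed_confluence_version() {
    dir=${1:-/opt/atlassian/confluence/current}
    for jar in "$dir"/confluence/WEB-INF/lib/confluence-[0-9]*.jar; do
        [ -e "$jar" ] || return 1                 # glob did not match anything
        base=${jar##*/confluence-}
        echo "${base%.jar}"
        return 0
    done
    return 1
}

# Rewrite the INSTALLATION_DIRECTORY=... line in the downloaded mitigation script SCRIPT
# so it points at DIR, then verify the edit. A temp file is used instead of sed -i so
# this works with both GNU and BSD sed. DIR must not contain '#'.
set_installation_directory() {
    script=$1
    dir=$2
    tmp="$script.tmp.$$"
    sed "s#^INSTALLATION_DIRECTORY=.*#INSTALLATION_DIRECTORY=${dir}#" "$script" > "$tmp" \
        && mv "$tmp" "$script" \
        && grep -q "^INSTALLATION_DIRECTORY=${dir}\$" "$script"
}

# Stand-alone use: report whether the node's install needs the mitigation or an upgrade.
main() {
    dir=${1:-/opt/atlassian/confluence/current}
    if ver=$(installed_confluence_version "$dir"); then
        echo "Confluence $ver under $dir: $(cve_2021_26084_status "$ver") (CVE-2021-26084)"
    else
        echo "No confluence-<version>.jar found under $dir; nothing to check"
    fi
}

main "$@"
```

Run it on the node as `sh check-cve-2021-26084.sh [installation-directory]`; a node reporting `affected` must be mitigated with the script or upgraded. The comparison is deliberately per release branch rather than against the lowest fixed version, because a 7.5 node is newer than 7.4.11 and still vulnerable.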