Candidate: CVE-2021-39114
PublicDate: 2022-04-05 04:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39114
 https://jira.atlassian.com/browse/CONFSERVER-68844
Description:
 Affected versions of Atlassian Confluence Server and Data Center allow
 users with a valid account on a Confluence Data Center instance to execute
 arbitrary Java code or run arbitrary system commands by injecting an OGNL
 payload. The affected versions are before version 6.13.23, from version
 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version
 7.12.0 before 7.12.5.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_confluence:
upstream_confluence: needs-triage
trusty_confluence: ignored (out of standard support)
xenial_confluence: ignored (out of standard support)