{"id":9395,"date":"2021-09-14T12:19:41","date_gmt":"2021-09-14T08:19:41","guid":{"rendered":"https:\/\/me.kaspersky.com\/blog\/?p=9395"},"modified":"2021-09-14T12:19:41","modified_gmt":"2021-09-14T08:19:41","slug":"confluence-server-cve-2021-26084","status":"publish","type":"post","link":"https:\/\/me.kaspersky.com\/blog\/confluence-server-cve-2021-26084\/9395\/","title":{"rendered":"\u0642\u0645 \u0628\u062a\u062d\u062f\u064a\u062b \u062e\u0627\u062f\u0645 Confluence \u0627\u0644\u0622\u0646"},"content":{"rendered":"<p>\u00a0<\/p>\n<p>\u0641\u064a \u0646\u0647\u0627\u064a\u0629 \u0634\u0647\u0631 \u0623\u063a\u0633\u0637\u0633\u060c \u0623\u0639\u0644\u0646\u062a \u0634\u0631\u0643\u0629 Atlassian\u060c \u0627\u0644\u0634\u0631\u0643\u0629 \u0627\u0644\u062a\u064a \u062a\u0637\u0648\u0631 \u0623\u062f\u0648\u0627\u062a\u060c \u0645\u062b\u0644 Jira \u0648Confluence \u0648Hipchat\u060c \u0639\u0646 \u0625\u0635\u062f\u0627\u0631 \u062a\u062d\u062f\u064a\u062b \u0644\u0625\u0635\u0644\u0627\u062d \u0627\u0644\u0636\u0639\u0641 <a href=\"https:\/\/jira.atlassian.com\/browse\/CONFSERVER-67940\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2021-26084<\/a> \u0641\u064a \u0623\u062f\u0627\u0629 wiki \u0627\u0644\u062e\u0627\u0635\u0629 \u0628\u0627\u0644\u0634\u0631\u0643\u0629 \u0648\u0647\u064a Confluence. 
\u0648\u0645\u0646\u0630 \u0630\u0644\u0643 \u0627\u0644\u062d\u064a\u0646\u060c <a href=\"https:\/\/searchsecurity.techtarget.com\/news\/252506129\/Atlassian-Confluence-flaw-under-active-attack\" target=\"_blank\" rel=\"noopener nofollow\">\u0634\u0647\u062f<\/a> \u062e\u0628\u0631\u0627\u0621 \u0627\u0644\u0623\u0645\u0646 \u0639\u0645\u0644\u064a\u0627\u062a \u0628\u062d\u062b \u0648\u0627\u0633\u0639\u0629 \u0627\u0644\u0646\u0637\u0627\u0642 \u0639\u0646 \u062e\u0648\u0627\u062f\u0645 Confluence \u0627\u0644\u0645\u0639\u0631\u0636\u0629 \u0644\u0644\u062e\u0637\u0631 \u0648\u0645\u062d\u0627\u0648\u0644\u0627\u062a \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0646\u0634\u0637\u0629. \u0646\u0648\u0635\u064a \u062c\u0645\u064a\u0639 \u0645\u0634\u0631\u0641\u064a \u062e\u0627\u062f\u0645 Confluence <a href=\"https:\/\/www.atlassian.com\/software\/confluence\/download-archives\" target=\"_blank\" rel=\"noopener nofollow\">\u0628\u0627\u0644\u062a\u062d\u062f\u064a\u062b<\/a> \u0641\u064a \u0623\u0642\u0631\u0628 \u0648\u0642\u062a \u0645\u0645\u0643\u0646.<\/p>\n<h2>\u0645\u0627 \u0647\u0648 CVE-2021-26084\u061f<\/h2>\n<p>CVE-2021-26084 \u0647\u0648 \u062b\u063a\u0631\u0629 \u0623\u0645\u0646\u064a\u0629 \u0641\u064a Confluence. \u064a\u0646\u0634\u0623 \u0639\u0646 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0644\u063a\u0629 \u0627\u0644\u062a\u0646\u0642\u0644 \u0641\u064a \u0627\u0644\u0631\u0633\u0645 \u0627\u0644\u0628\u064a\u0627\u0646\u064a \u0644\u0644\u0643\u0627\u0626\u0646\u0627\u062a (OGNL) \u0641\u064a \u0646\u0638\u0627\u0645 \u0639\u0644\u0627\u0645\u0627\u062a Confluence. 
\u062a\u0633\u0645\u062d \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0628\u0625\u062f\u062e\u0627\u0644 \u0631\u0645\u0632 OGNL \u0648\u0628\u0627\u0644\u062a\u0627\u0644\u064a \u062a\u0646\u0641\u064a\u0630 \u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0628\u0631\u0645\u062c\u064a\u0629 \u0639\u0634\u0648\u0627\u0626\u064a\u0629 \u0639\u0644\u0649 \u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u0643\u0645\u0628\u064a\u0648\u062a\u0631 \u0627\u0644\u0645\u062b\u0628\u062a \u0639\u0644\u064a\u0647\u0627 Confluence Server \u0623\u0648 Confluence Data Center. \u0648\u0641\u064a \u0628\u0639\u0636 \u0627\u0644\u062d\u0627\u0644\u0627\u062a\u060c \u062d\u062a\u0649 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u0630\u064a \u0644\u0645 \u062a\u062a\u0645 \u0645\u0635\u0627\u062f\u0642\u062a\u0647 \u064a\u0645\u0643\u0646\u0647 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 (\u0625\u0630\u0627 \u0643\u0627\u0646 \u0627\u0644\u062e\u064a\u0627\u0631<em> \u201c\u0627\u0644\u0633\u0645\u0627\u062d \u0644\u0644\u0623\u0634\u062e\u0627\u0635 \u0628\u0627\u0644\u062a\u0633\u062c\u064a\u0644 \u0644\u0625\u0646\u0634\u0627\u0621 \u062d\u0633\u0627\u0628\u0627\u062a\u0647\u0645\u201d<\/em> \u0645\u0641\u0639\u0644\u064b\u0627).<\/p>\n<p>\u064a\u0639\u062a\u0628\u0631 Atlassian \u0647\u0630\u0647 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u062d\u0631\u062c\u0629. 
\u0644\u062f\u064a\u0647\u0627 \u062a\u0635\u0646\u064a\u0641 \u0634\u062f\u0629 9.8 CVSS\u060c \u0648\u0627\u0644\u0639\u062f\u064a\u062f \u0645\u0646 <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/poc-proof-of-concept\/\" target=\"_blank\" rel=\"noopener\">\u0625\u062b\u0628\u0627\u062a\u0627\u062a \u0627\u0644\u0645\u0641\u0627\u0647\u064a\u0645<\/a> \u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644\u0647\u0627\u060c \u0628\u0645\u0627 \u0641\u064a \u0630\u0644\u0643 \u0627\u0644\u0625\u0635\u062f\u0627\u0631 \u0627\u0644\u0630\u064a \u064a\u0633\u0645\u062d <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/remote-code-execution-rce\/\" target=\"_blank\" rel=\"noopener\">\u0628\u062a\u0646\u0641\u064a\u0630 \u0627\u0644\u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0639\u0646 \u0628\u0639\u062f<\/a> (RCE) \u060c \u0645\u062a\u0648\u0641\u0651\u0631 \u0628\u0627\u0644\u0641\u0639\u0644 \u0639\u0644\u0649 \u0627\u0644\u0625\u0646\u062a\u0631\u0646\u062a.<\/p>\n<h2>\u0645\u0627 \u0647\u064a \u0625\u0635\u062f\u0627\u0631\u0627\u062a Confluence \u0627\u0644\u0645\u0639\u0631\u0636\u0629 \u0644\u0644\u062e\u0637\u0631\u061f<\/h2>\n<p>\u0627\u0644\u0623\u0645\u0631 \u0645\u0639\u0642\u062f \u0628\u0639\u0636 \u0627\u0644\u0634\u064a\u0621. \u064a\u0633\u062a\u062e\u062f\u0645 \u0639\u0645\u0644\u0627\u0621 Atlassian \u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0645\u062e\u062a\u0644\u0641\u0629 \u0645\u0646 Confluence \u0648\u0644\u0627 \u064a\u064f\u0639\u0631\u0641 \u0639\u0646\u0647\u0645 \u0625\u062c\u0631\u0627\u0621 \u0627\u0644\u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0641\u064a \u0627\u0644\u0648\u0642\u062a \u0627\u0644\u0645\u0646\u0627\u0633\u0628. 
\u0648\u0641\u0642\u064b\u0627 \u0644\u0648\u0635\u0641 Atlassian \u0627\u0644\u0631\u0633\u0645\u064a\u060c \u0623\u0635\u062f\u0631\u062a \u0627\u0644\u0634\u0631\u0643\u0629 \u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0644\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a 6.13.23 \u06487.4.11 \u06487.11.6 \u06487.12.5 \u06487.13.0. \u0648\u0647\u0630\u0627 \u064a\u062a\u0631\u0643 CVE-2021-26084 \u0642\u0627\u0628\u0644\u0627\u064b \u0644\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0639\u0644\u0649 \u0625\u0635\u062f\u0627\u0631\u0627\u062a Confluence Server \u0627\u0644\u0633\u0627\u0628\u0642\u0629 \u0644\u0640 6.13.23\u060c \u0645\u0646 6.14.0 \u0625\u0644\u0649 \u0645\u0627 \u0642\u0628\u0644 7.4.11 \u0648\u0645\u0646 7.5.0 \u0625\u0644\u0649 \u0645\u0627 \u0642\u0628\u0644 7.11.6 \u0648\u0645\u0646 7.12.0 \u0625\u0644\u0649 \u0645\u0627 \u0642\u0628\u0644 7.12.5. \u0644\u0627 \u062a\u0624\u062b\u0631 \u0645\u0634\u0643\u0644\u0629 \u0627\u0644\u0636\u0639\u0641 \u0647\u0630\u0647 \u0639\u0644\u0649 \u0645\u0633\u062a\u062e\u062f\u0645\u064a Confluence Cloud.<\/p>\n<h2>\u0643\u064a\u0641 \u062a\u062d\u0627\u0641\u0638 \u0639\u0644\u0649 \u0633\u0644\u0627\u0645\u062a\u0643<\/h2>\n<p>\u062a\u0648\u0635\u064a Atlassian \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0623\u062d\u062f\u062b \u0625\u0635\u062f\u0627\u0631 \u0645\u0646 Confluence\u060c \u0648\u0647\u0648 7.13.0. \u0625\u0630\u0627 \u0644\u0645 \u064a\u0643\u0646 \u0647\u0630\u0627 \u062e\u064a\u0627\u0631\u064b\u0627 \u0645\u062a\u0627\u062d\u064b\u0627 \u060c \u0641\u0646\u0646\u0635\u062d \u0645\u0633\u062a\u062e\u062f\u0645\u064a 6.13.<em>x<\/em> \u0628\u062a\u062d\u062f\u064a\u062b \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a \u0625\u0644\u0649 6.13.23; 7.4.<em>x<\/em> \u0625\u0644\u0649 7.4.11 \u06487.11.<em>x<\/em> \u0625\u0644\u0649 7.11.6 \u06487.12.<em>x<\/em> \u0625\u0644\u0649 7.12.5 \u0639\u0644\u0649 \u0627\u0644\u062a\u0648\u0627\u0644\u064a. 
\u0648\u062a\u0642\u062f\u0645 \u0627\u0644\u0634\u0631\u0643\u0629<a href=\"https:\/\/confluence.atlassian.com\/doc\/confluence-security-advisory-2021-08-25-1077906215.html\" target=\"_blank\" rel=\"noopener nofollow\"> \u0639\u062f\u0629 \u062d\u0644\u0648\u0644 \u0645\u0624\u0642\u062a\u0629<\/a> \u0644\u0644\u062d\u0644\u0648\u0644 \u0627\u0644\u0645\u0633\u062a\u0646\u062f\u0629 \u0625\u0644\u0649 Linux \u0648 Microsoft Windows\u060c \u0644\u0623\u0648\u0644\u0626\u0643 \u0627\u0644\u0630\u064a\u0646 \u0644\u0627 \u064a\u0633\u062a\u0637\u064a\u0639\u0648\u0646 \u0625\u0646\u062c\u0627\u0632 \u062d\u062a\u0649 \u062a\u0644\u0643 \u0627\u0644\u062a\u062d\u062f\u064a\u062b\u0627\u062a \u0627\u0644\u0625\u0636\u0627\u0641\u064a\u0629.<\/p>\n<p>\u0627\u0644\u0623\u062c\u0647\u0632\u0629 \u0627\u0644\u062a\u064a \u062a\u0639\u0645\u0644 \u0639\u0644\u0649 Confluence \u0647\u064a \u0646\u0642\u0627\u0637 \u0646\u0647\u0627\u064a\u0629\u060c \u062a\u0645\u0627\u0645\u064b\u0627 \u0645\u062b\u0644 \u0623\u064a \u062e\u0627\u062f\u0645 \u0622\u062e\u0631. 
\u0648\u0645\u062b\u0644 \u0623\u064a \u062e\u0627\u062f\u0645 \u0622\u062e\u0631 \u060c \u0641\u0625\u0646\u0647\u0627 \u0628\u062d\u0627\u062c\u0629 \u0625\u0644\u0649 \u062d\u0644\u00a0 <a href=\"https:\/\/me.kaspersky.com\/small-to-medium-business-security?icid=me-ar_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">\u0623\u0645\u0646\u064a \u062c\u064a\u062f<\/a>\u00a0 \u0644\u062c\u0639\u0644 \u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u062a\u0639\u0644\u064a\u0645\u0627\u062a \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0627\u0644\u062a\u0639\u0633\u0641\u064a\u0629 \u0623\u0635\u0639\u0628 \u0628\u0643\u062b\u064a\u0631.<\/p>\n<p>\u00a0<\/p>\n<p>\u0648\u0636\u0639 \u0641\u064a \u0627\u0639\u062a\u0628\u0627\u0631\u0643 \u0623\u064a\u0636\u064b\u0627 \u0623\u0646 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0644\u0623\u0645\u0646\u064a\u0629 \u0639\u0646 \u0628\u064f\u0639\u062f \u0633\u064a\u062a\u0637\u0644\u0628 \u062f\u062e\u0648\u0644 \u0627\u0644\u0645\u0647\u0627\u062c\u0645\u064a\u0646 \u0625\u0644\u0649 \u0634\u0628\u0643\u0629 \u0627\u0644\u0634\u0631\u0643\u0629 \u0648\u064a\u0633\u062a\u0637\u064a\u0639 \u0627\u0644\u062e\u0628\u0631\u0627\u0621 \u0627\u0644\u0630\u064a\u0646 \u0644\u062f\u064a\u0647\u0645 \u062e\u062f\u0645\u0627\u062a \u0641\u0626\u0629\u00a0 <a href=\"https:\/\/me.kaspersky.com\/enterprise-security\/managed-detection-and-response?icid=me-ar_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">\u0627\u0644\u0643\u0634\u0641 \u0648\u0627\u0644\u0627\u0633\u062a\u062c\u0627\u0628\u0629 \u0627\u0644\u0645\u064f\u062f\u0627\u0631\u0629<\/a>\u00a0 \u0643\u0634\u0641 \u0647\u0630\u0627 \u0627\u0644\u0646\u0648\u0639 \u0645\u0646 \u0627\u0644\u0646\u0634\u0627\u0637 \u0627\u0644\u0645\u0634\u0628\u0648\u0647. 
\u062a\u062c\u062f\u0631 \u0627\u0644\u0625\u0634\u0627\u0631\u0629 \u0623\u064a\u0636\u064b\u0627 \u0625\u0644\u0649 \u0623\u0646\u0647 \u064a\u062c\u0628 \u062a\u0642\u064a\u064a\u062f \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 Confluence \u2013 \u0644\u0627 \u064a\u0646\u0628\u063a\u064a \u0644\u0623\u064a \u0634\u062e\u0635 \u062e\u0627\u0631\u062c \u0627\u0644\u0634\u0631\u0643\u0629 \u0627\u0644\u0648\u0635\u0648\u0644 \u0625\u0644\u0649 \u062e\u062f\u0645\u0627\u062a \u0627\u0644\u0634\u0631\u0643\u0629 \u0627\u0644\u062f\u0627\u062e\u0644\u064a\u0629.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb\">\n","protected":false},"excerpt":{"rendered":"<p>\u064a\u0628\u062d\u062b \u0627\u0644\u0645\u062e\u062a\u0631\u0642\u0648\u0646 \u0639\u0646 \u062e\u0648\u0627\u062f\u0645 Confluence \u0636\u0639\u064a\u0641\u0629 \u0648\u064a\u0633\u062a\u063a\u0644\u0648\u0646 CVE-2021-26084\u060c \u0648\u0647\u064a \u0625\u062d\u062f\u0649 \u062b\u063a\u0631\u0627\u062a 
RCE.<\/p>\n","protected":false},"author":2581,"featured_media":9396,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[892,893,631],"tags":[1674,1673,1675,1406],"class_list":{"0":"post-9395","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-smb","9":"category-business","10":"tag-atlassian","11":"tag-confluence","12":"tag-rce","13":"tag-1406"},"hreflang":[{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/confluence-server-cve-2021-26084\/9395\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/confluence-server-cve-2021-26084\/23254\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/confluence-server-cve-2021-26084\/18741\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/confluence-server-cve-2021-26084\/25306\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/confluence-server-cve-2021-26084\/23376\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/confluence-server-cve-2021-26084\/22750\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/confluence-server-cve-2021-26084\/25919\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/confluence-server-cve-2021-26084\/25450\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/confluence-server-cve-2021-26084\/31423\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/confluence-server-cve-2021-26084\/9999\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/confluence-server-cve-2021-26084\/41635\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/confluence-server-cve-2021-26084\/17563\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/confluence-server-cve-2021-26084\/18058\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/confluence-server-cve-202
1-26084\/15209\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/confluence-server-cve-2021-26084\/27273\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/confluence-server-cve-2021-26084\/31553\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/confluence-server-cve-2021-26084\/27490\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/confluence-server-cve-2021-26084\/24300\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/confluence-server-cve-2021-26084\/29640\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/confluence-server-cve-2021-26084\/29433\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me.kaspersky.com\/blog\/tag\/%d9%86%d9%82%d8%a7%d8%b7-%d8%a7%d9%84%d8%b6%d8%b9%d9%81\/","name":"\u0646\u0642\u0627\u0637 \u0627\u0644\u0636\u0639\u0641"},"_links":{"self":[{"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/9395","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2581"}],"replies":[{"embeddable":true,"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=9395"}],"version-history":[{"count":1,"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/9395\/revisions"}],"predecessor-version":[{"id":9397,"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/9395\/revisions\/9397"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/9396"}],"wp:attachment":[{"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=9395"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=9395"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me.ka
spersky.com\/blog\/wp-json\/wp\/v2\/tags?post=9395"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}