CVE-2021-43940

Published: Feb 15, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

Affected (4)

Products: Atlassian: Confluence Data Center, Confluence Server

Atlassian

2 products

Confluence Data Center

Confluence Server

Configuration A

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Atlassian Confluence Data Center	Before 7.4.10
Atlassian Confluence Data Center	From 7.5.0 to 7.12.3
Atlassian Confluence Server	Before 7.4.10
Atlassian Confluence Server	From 7.5.0 to 7.12.3

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (2)

https://jira.atlassian.com/browse/CONFSERVER-66550

Source: security@atlassian.com

Issue TrackingVendor Advisory

https://jira.atlassian.com/browse/CONFSERVER-66550

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.