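0x01. Vulnerability Overview
Affected versions of Confluence Server and Data Center contain an OGNL expression injection vulnerability that allows an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
Affected versions: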
- Atlassian Confluence Server and Data Center < 7.4.17
- 7.5.0 ≤ Atlassian Confluence Server and Data Center < 7.13.7
- 7.14.0 ≤ Atlassian Confluence Server and Data Center < 7.14.3
- 7.15.0 ≤ Atlassian Confluence Server and Data Center < 7.15.2
- 7.16.0 ≤ Atlassian Confluence Server and Data Center < 7.16.4
- 7.17.0 ≤ Atlassian Confluence Server and Data Center < 7.17.4
- 7.18.0 ≤ Atlassian Confluence Server and Data Center < 7.18.1
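To triage an inventory against the ranges listed above, the following added example (not part of the original write-up) checks a version string against each range and reports the first release outside it. The function names and the sample host names are assumptions made for illustration.

```python
import re

# Affected ranges as listed above: (inclusive lower bound, exclusive upper bound).
# The upper bound is the first release the page lists as outside the range.
AFFECTED_RANGES = [
    ((0, 0, 0), (7, 4, 17)),    # "< 7.4.17": the page gives no lower bound
    ((7, 5, 0), (7, 13, 7)),
    ((7, 14, 0), (7, 14, 3)),
    ((7, 15, 0), (7, 15, 2)),
    ((7, 16, 0), (7, 16, 4)),
    ((7, 17, 0), (7, 17, 4)),
    ((7, 18, 0), (7, 18, 1)),
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")

def parse_version(text):
    """Parse 'major.minor[.patch]' into a comparable tuple; reject anything else."""
    m = _VERSION_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def first_unaffected(version):
    """Return the upper bound of the matching range, or None if no range matches."""
    v = parse_version(version)
    for low, high in AFFECTED_RANGES:
        if low <= v < high:
            return ".".join(map(str, high))
    return None

def triage(inventory):
    """Map each host to a status string; unparseable versions need a manual check."""
    report = {}
    for host, version in inventory.items():
        try:
            target = first_unaffected(version)
        except ValueError:
            report[host] = "unknown version, check manually"
            continue
        report[host] = (f"affected, upgrade to >= {target}" if target
                        else "not in listed ranges")
    return report

if __name__ == "__main__":
    # Constructed inventory; host names are placeholders.
    sample = {"wiki-lab": "7.4.4", "wiki-a": "7.13.7", "wiki-b": "7.18.0", "wiki-c": "n/a"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```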
0x02. Environment Setup
- Ubuntu 18.04
- confluence:7.4.4
wget https://downloads.atlassian.com/software/confluence/downloads/atlassian-confluence-7.4.4-x64.bin
chmod +x atlassian-conf