Arbitrary servlet filter bypass vulnerability in Atlassian Confluence Server - CVE-2022-26136 (linux)ID: oval:org.secpod.oval:def:82326 | Date: (C)2022-07-25 (M)2023-05-30 |
Class: VULNERABILITY | Family: unix |
The host is installed with Atlassian Confluence Server before 7.4.17, 7.5.0 before 7.13.7, 7.14.0 before 7.14.3, 7.15.0 before 7.15.2, 7.16.0 before 7.16.4, 7.17.0 before 7.17.4 or 7.18.0 and is prone to an arbitrary servlet filter bypass vulnerability. A flaw is present in the application which fails to properly handle servlet filter. Successful exploitation allows unauthenticated attackers to cause authentication bypass and cross-site scripting.
Product: |
Atlassian Confluence Server |