• Creation
  • Validation
  • Communication & fix
  • Disclosure

NACHC / Confluence version 7.8.0 likely vulnerable to CVE-2021-26084

reported 2021-09-30

A confluence instance under the domain confluence.nachc.org has been analyzed vulnerable to a recently wildly exploited RCE.

Impacted URL : https://confluence.nachc.org/login.action

It is critical to update to a safe version as soon as possible.

The CVE-2021-26084 prevention reports are identified and dispatched with the help of HaboubiAnis

Reference :

IP:
99.83.146.9
Port:
443
Detected protocol:
https
Confluence version 7.8.0 likely vulnerable to CVE-2021-26084
Found by ConfluenceVersionIssue 2021-09-28
Report created by    BloodyShell  2021-09-30
Report approved by    BloodyShell  2021-09-30
New PDF report generated by system 2021-09-30
Report dispatched to ...@... by system 2021-09-30
Report dispatched to ...@... by system 2021-09-30
Report marked as fixed by    BloodyShell  2021-10-09
BloodyShell commented 2021-10-09: approved shows in report

The issue looks resolved, closing

New PDF report generated by system 2021-10-09
Report comment dispatched to anis@com-plete.be by system 2021-10-09
Report comment dispatched to jdelossantos@nachc.org by system 2021-10-09
Report closed by    BloodyShell  2021-10-09
New PDF report generated by system 2021-10-09
Information
Owner NACHC
Created 2021-09-30 14:04
Updated 2021-10-09 13:10
Fixed true

Contacts
a...@com-plete.be
j...@nachc.org

Status
Status closed
Hosting contacted false
CERT contacted false

Download report