With respect to this vulnerability, do we have to run the mitigation script at all if we have "Allow people to sign up to create their account" turned off?
Atlassian recommends running the workaround/mitigation script even if 'Allow people to sign up to create their own account' is disabled. There are several endpoints identified that expose Confluence to CVE-2021-26084, so applying the workaround script will temporarily mitigate against the known vulnerable endpoints until you can upgrade to a version that fixes this permanently.
We've reworded the advisory (Confluence Security Advisory CVE-2021-26084 - OGNL injection - 2021-08-25) to remove any ambiguity.
My reading of the vulnerability would say no, but I would defer to Atlassian if they say something different. A lot of people have the same question on this ticket. I would add yourself as a watcher to see if Atlassian responds with confirmation.