
2021-08-25 Confluence Server Webwork OGNL injection

=E6=BC=8F=E6=B4=9E-CVE-2021-26084

=E5=BD=B1=E5=93=8D

=20 =20 =20
=E4=B8=BB=E9=A2=98

CVE-2021-26084 - Confluence Web= work OGNL=E6=B3=A8=E5=85=A5

=E5=AE=89=E5=85=A8=E4=BF=A1=E6=81=AF=E5=8F=91=E5= =B8=83=E6=97=B6=E9=97=B4

&nbs= p;

涉及产品

Confluence Server

Confluence Data Center

=E5=BD=B1=E5=93=8DConfluence=E7=89=88=E6=9C=AC

  • All 4.x.x versions
  • All 5.x.x versions
  • All 6.0.x versions
  • All 6.1.x versions
  • All 6.2.x versions
  • All 6.3.x versions
  • All 6.4.x versions
  • All 6.5.x versions
  • All 6.6.x versions 
  • All 6.7.x versions
  • All 6.8.x versions
  • All 6.9.x versions
  • All 6.10.x versions
  • All 6.11.x versions
  • All 6.12.x versions 
  • All 6.13.x versions before 6.13.23
  • All 6.14.x versions 
  • All 6.15.x versions 
  • All 7.0.x versions
  • All 7.1.x versions
  • All 7.2.x versions
  • All 7.3.x versions
  • All 7.4.x versions before 7.4.11
  • All 7.5.x versions
  • All 7.6.x versions 
  • All 7.7.x versions
  • All 7.8.x versions
  • All 7.9.x versions
  • All 7.10.x versions
  • All 7.11.x versions before 7.11.6
  • All 7.12.x versions before 7.12.5
修复版本
  • 6.13.23
  • 7.4.11
  • 7.11.6
  • 7.12.5
  • 7.13.0

升级到版本6.13.23、7.11.6、7.12.5、7.13.0或7.4.11的客户不受影响

解决方案

方案一

升级到安全版本

方案二（临时）

执行以下脚本，对系统中的文件进行修正来临时解决注入的风险

cve-2021-26084-update.sh

=E5=AE=89=E5=85=A8=E6=BC=8F=E6=B4= =9E=E6=8F=8F=E8=BF=B0

=E5=AD=98=E5=9C=A8OGNL=E6=B3=A8=E5=85=A5=E6=BC=8F=E6=B4=9E=EF=BC=8C=E8= =AF=A5=E6=BC=8F=E6=B4=9E=E5=85=81=E8=AE=B8=E7=BB=8F=E8=BF=87=E8=BA=AB=E4=BB= =BD=E9=AA=8C=E8=AF=81=E7=9A=84=E7=94=A8=E6=88=B7=EF=BC=88=E5=9C=A8=E6=9F=90= =E4=BA=9B=E6=83=85=E5=86=B5=E4=B8=8B=E6=98=AF=E6=9C=AA=E7=BB=8F=E8=BA=AB=E4= =BB=BD=E9=AA=8C=E8=AF=81=E7=9A=84=E7=94=A8=E6=88=B7=EF=BC=89=E5=9C=A8Conflu= ence=E5=AE=9E=E4=BE=8B=E4=B8=8A=E6=89=A7=E8=A1=8C=E4=BB=BB=E6=84=8F=E4=BB= =A3=E7=A0=81=E3=80=82

=E6=96=B9=E6=A1=88=E4=BA=8C=E8=AF=B4=E6=98= =8E

=E5=B0=B1=E6=98=AF=E5=B0=86=E9=A1=B5=E9=9D=A2=E4=B8=AD$actionKey=E4=B9= =8B=E7=B1=BB=E7=9A=84=E5=80=BC=E8=BF=9B=E8=A1=8C=E5=9B=BA=E5=8C=96=EF=BC=8C= =E5=87=8F=E5=B0=91=E6=B3=A8=E5=85=A5=E7=9A=84=E5=8F=AF=E8=83=BD=E3=80=82=E7= =9B=AE=E5=89=8D=E5=8F=AA=E5=AF=B9=E5=8F=AF=E4=BB=A5=E8=BF=9B=E8=A1=8C=E5=9B= =BA=E5=8C=96=E7=9A=84=E9=A1=B5=E9=9D=A2=E4=BF=A1=E6=81=AF=E8=BF=9B=E8=A1=8C= =E4=BA=86=E6=9B=BF=E6=8D=A2=E5=A4=84=E7=90=86=EF=BC=8C=E4=BD=86=E5=B9=B6=E6= =9C=AA=E4=BB=8E=E6=BA=90=E5=A4=B4=E8=BF=9B=E8=A1=8C=E5=A4=84=E7=90=86=E3=80= =82

查看脚本内容
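#!/bin/bash
# Filename   : cve-2021-26084-update.sh
# Description: Temporary workaround for CVE-2021-26084 for Confluence instances running on Linux based Operating Systems
# Reference  : https://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+-+2021-08-25
# Usage      : sh cve-2021-26084-update.sh
# Version    : 1.4
#
# Stop-gap only: the script rewrites selected Velocity templates in place and
# does not remove the underlying flaw; upgrading to a fixed release is the
# actual remediation.
# Kept to POSIX sh constructs because the documented invocation is "sh ...".
set -u

# ###########################################
# Update user specific data in this section

# set this to where Confluence is installed
# e.g. INSTALLATION_DIRECTORY=/opt/atlassian/confluence
INSTALLATION_DIRECTORY=/opt/atlassian/confluence


# ########################################
# Do not change anything below this line

if [ -z "$INSTALLATION_DIRECTORY" ]
then
    echo "Please set INSTALLATION_DIRECTORY within this script and try running this script again.";
    exit 1;
fi

# A wrong path would otherwise be reported below as an ownership problem.
if [ ! -d "$INSTALLATION_DIRECTORY/confluence" ]
then
    echo "ERROR: $INSTALLATION_DIRECTORY/confluence is not a directory. Please check INSTALLATION_DIRECTORY within this script."
    exit 1;
fi

# Make sure we are running as the correct Linux user.
# NOTE(review): this only tests write access, so root passes as well; files
# rewritten by sed -i and zip then belong to the invoking user, so prefer the
# account that owns the installation.
if [ ! -w "$INSTALLATION_DIRECTORY/confluence" ]
then
    echo "ERROR: Please run this script as the Linux user that owns the $INSTALLATION_DIRECTORY/confluence directory"
    echo " (i.e. $(ls -ld "$INSTALLATION_DIRECTORY/confluence" | awk '{ print $3 }'))";
    exit 1;
fi

# Change SED flags dependent on OS: -r (default) or -E (macOS) selects extended
# regular expressions; -i.bak edits in place and keeps a .bak copy of each file.
# uname -s is used instead of grepping uname -a, whose output also contains
# the host name.
SEDFLAGS=-ri.bak
case "$(uname -s)" in
    Darwin) SEDFLAGS=-Ei.bak ;;
esac

# Change to Install Directory; every later path is relative to it.
echo "chdir '$INSTALLATION_DIRECTORY'"
if ! cd "$INSTALLATION_DIRECTORY"
then
    echo "ERROR: Failed to change to the directory $INSTALLATION_DIRECTORY!"
    exit 1;
fi
echo ""

# check zip/unzip dependencies up front ('command -v' is the portable lookup;
# 'which' is not guaranteed to exist or to stay silent on a miss)
for REQUIRED_TOOL in zip unzip
do
    if ! command -v "$REQUIRED_TOOL" > /dev/null 2>&1
    then
        echo "ERROR: '$REQUIRED_TOOL' package is missing. Please install '$REQUIRED_TOOL' and try running this update script again.";
        echo "e.g. RHEL based OS         , try 'sudo yum install zip unzip'"
        echo "e.g. Ubuntu/Docker based OS, try (as root) 'apt update; apt install zip unzip'"
        echo "UPDATE FAILED, EXITING!"
        echo ""
        exit 1;
    fi
done
UNZIP=$(command -v unzip)
ZIP=$(command -v zip)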

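# ######################################
# File 1 of 5
#
# Replaces the interpolated value ('$!action.featureKey') of the "Enable dark
# feature" tag with the fixed name featureKey, keeps the untouched file as
# <file>.original, and aborts unless the rewritten file passes validation.

DARK_FEATURES_VM=confluence/users/user-dark-features.vm

echo "File 1: '$DARK_FEATURES_VM':"
printf '%s' "   a. backing up file.. "
# Keep the first backup across re-runs (what cp -n was used for) without
# relying on cp -n's exit status, which is not consistent across cp versions.
if [ ! -e "$DARK_FEATURES_VM.original" ] && ! cp -p "$DARK_FEATURES_VM" "$DARK_FEATURES_VM.original"
then
    echo "ERROR: Failed to back up $DARK_FEATURES_VM"
    echo ""
    echo "UPDATE FAILED, EXITING!"
    exit 1;
fi
echo "done"
printf '%s' "   b. updating file.. "
# Report "done" only when sed actually ran; a missing or unreadable file is an error.
if ! sed "$SEDFLAGS" 's/(Enable dark feature.+value=)[^"]+"/\1featureKey"/' "$DARK_FEATURES_VM"
then
    echo "ERROR: Failed to update $DARK_FEATURES_VM"
    echo ""
    echo "UPDATE FAILED, EXITING!"
    exit 1;
fi
echo "done"
echo "   c. showing file changes.."
diff "$DARK_FEATURES_VM.original" "$DARK_FEATURES_VM";
printf '%s' "   d. validating file changes.. "
# Fail if the interpolated form is still present or the fixed form is absent.
if grep -qi "'\$!action.featureKey'" "$DARK_FEATURES_VM" \
    || ! grep -qi "value=featureKey" "$DARK_FEATURES_VM"
then
    echo "ERROR: Failed to update $DARK_FEATURES_VM"
    echo ""
    echo "UPDATE FAILED, EXITING!"
    exit 1;
fi
echo "ok"
echo "   e. file updated successfully!"
echo ""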

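# ######################################
# File 2 of 5
#
# Replaces the interpolated value ('$!action.token') of the hidden "token" tag
# in the login template with the fixed name token, keeps the untouched file as
# <file>.original, and aborts unless the rewritten file passes validation.

LOGIN_VM=confluence/login.vm

echo "File 2: '$LOGIN_VM':"
printf '%s' "   a. backing up file.. "
# Keep the first backup across re-runs (what cp -n was used for) without
# relying on cp -n's exit status, which is not consistent across cp versions.
if [ ! -e "$LOGIN_VM.original" ] && ! cp -p "$LOGIN_VM" "$LOGIN_VM.original"
then
    echo "ERROR: Failed to back up $LOGIN_VM"
    echo ""
    echo "UPDATE FAILED, EXITING!"
    exit 1;
fi
echo "done"
printf '%s' "   b. updating file.. "
# Report "done" only when sed actually ran; a missing or unreadable file is an error.
if ! sed "$SEDFLAGS" 's/("Hidden" "name=.token." "value=)[^"]+"/\1token"/' "$LOGIN_VM"
then
    echo "ERROR: Failed to update $LOGIN_VM"
    echo ""
    echo "UPDATE FAILED, EXITING!"
    exit 1;
fi
echo "done"
echo "   c. showing file changes.."
diff "$LOGIN_VM.original" "$LOGIN_VM"
printf '%s' "   d. validating file changes.. "
# Fail if the interpolated form is still present or the fixed form is absent.
if grep -qi "'\$!action.token'" "$LOGIN_VM" \
    || ! grep -qi "value=token" "$LOGIN_VM"
then
    echo "ERROR: Failed to update $LOGIN_VM"
    echo ""
    echo "UPDATE FAILED, EXITING!"
    exit 1;
fi
echo "ok"
echo "   e. file updated successfully!"
echo ""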

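# ######################################
# File 3 of 5
#
# For every hidden tag whose name consists of letters only and whose quoted
# value starts with "$!" or "$l", replaces the value with the tag's own name
# (e.g. value='$!queryString' becomes value=queryString). Keeps the untouched
# file as <file>.original and aborts unless validation passes.

ENTERVARIABLES_VM=confluence/pages/createpage-entervariables.vm

echo "File 3: '$ENTERVARIABLES_VM':"
printf '%s' "   a. backing up file.. "
# Keep the first backup across re-runs (what cp -n was used for) without
# relying on cp -n's exit status, which is not consistent across cp versions.
if [ ! -e "$ENTERVARIABLES_VM.original" ] && ! cp -p "$ENTERVARIABLES_VM" "$ENTERVARIABLES_VM.original"
then
    echo "ERROR: Failed to back up $ENTERVARIABLES_VM"
    echo ""
    echo "UPDATE FAILED, EXITING!"
    exit 1;
fi
echo "done"
printf '%s' "   b. updating file.. "
# Report "done" only when sed actually ran; a missing or unreadable file is an error.
if ! sed "$SEDFLAGS" 's/("Hidden" "name=.([a-zA-Z]+)." "value=).\$[!l][^"]+"/\1\2"/' "$ENTERVARIABLES_VM"
then
    echo "ERROR: Failed to update $ENTERVARIABLES_VM"
    echo ""
    echo "UPDATE FAILED, EXITING!"
    exit 1;
fi
echo "done"
echo "   c. showing file changes.."
diff "$ENTERVARIABLES_VM.original" "$ENTERVARIABLES_VM"
printf '%s' "   d. validating file changes.."
# Fail if either interpolated form is still present or the fixed
# linkCreation form is absent.
if grep -qi "value='\$!querystring" "$ENTERVARIABLES_VM" \
    || grep -qi "value='\$linkCreation" "$ENTERVARIABLES_VM" \
    || ! grep -qi "value=linkCreation" "$ENTERVARIABLES_VM"
then
    echo "ERROR: Failed to update $ENTERVARIABLES_VM"
    echo ""
    echo "UPDATE FAILED, EXITING!"
    exit 1;
fi
echo "ok"
echo "   e. file updated successfully!"
echo ""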

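# ######################################
# File 4 of 5
#
# Applies two rewrites to the content editor template: the generic hidden-tag
# rewrite (value='$!name...' / '$l...' becomes value=name) and the
# sourceTemplateId rewrite (value becomes templateId). Unlike the other files
# this step had no validation and always printed success; sed failures are now
# fatal and leftovers of the two targeted values are reported as a warning.

CONTENT_EDITOR_VM=confluence/template/custom/content-editor.vm

echo "File 4: '$CONTENT_EDITOR_VM':"
if [ ! -f "$CONTENT_EDITOR_VM" ]
then
    # Previously cp/sed/diff each failed and success was still printed.
    echo "   a. $CONTENT_EDITOR_VM not present in current install, skipping step"
else
    printf '%s' "   a. backing up file.. "
    # Keep the first backup across re-runs (what cp -n was used for) without
    # relying on cp -n's exit status, which is not consistent across cp versions.
    if [ ! -e "$CONTENT_EDITOR_VM.original" ] && ! cp -p "$CONTENT_EDITOR_VM" "$CONTENT_EDITOR_VM.original"
    then
        echo "ERROR: Failed to back up $CONTENT_EDITOR_VM"
        echo ""
        echo "UPDATE FAILED, EXITING!"
        exit 1;
    fi
    echo "done"
    printf '%s' "   b. updating file.. "
    if ! sed "$SEDFLAGS" 's/("Hidden" "name=.([a-zA-Z]+)." "value=).\$[!l][^"]+"/\1\2"/' "$CONTENT_EDITOR_VM" \
        || ! sed "$SEDFLAGS" 's/("Hidden" "id=sourceTemplateId.*value=)[^"]+"/\1templateId"/' "$CONTENT_EDITOR_VM"
    then
        echo "ERROR: Failed to update $CONTENT_EDITOR_VM"
        echo ""
        echo "UPDATE FAILED, EXITING!"
        exit 1;
    fi
    echo "done"
    echo "   c. showing file changes.."
    diff "$CONTENT_EDITOR_VM.original" "$CONTENT_EDITOR_VM"
    # Non-fatal on purpose: the script never validated this file, and the
    # remaining step (File 5) should still run. A leftover means a tag did not
    # match the sed expressions above and needs a manual look.
    if grep -qiF "value='\$!querystring" "$CONTENT_EDITOR_VM" \
        || grep -qF "value='\${templateId}'" "$CONTENT_EDITOR_VM"
    then
        echo "   d. WARNING: $CONTENT_EDITOR_VM still contains an interpolated queryString or sourceTemplateId value, please review the file"
    else
        echo "   d. file updated successfully!"
    fi
fi
echo ""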

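# ######################################
# File 5 of 5
#
# Patches templates/editor-preload-container.vm inside each bundled
# confluence-editor-loader*.jar: extract, replace the interpolated syncRev
# value with the fixed name syncRev, validate, write the template back into the
# JAR, then extract again to confirm the JAR really carries the patched file.
#
# NOTE(review): the JAR is rewritten in place and, unlike files 1-4, no backup
# of it is kept; take a copy outside the plugins directory first if rollback
# matters, and expect the JAR's checksum to change.

EDITOR_TEMPLATE=templates/editor-preload-container.vm

# Print the standard failure banner for this step and stop. $1 is the error text.
abort_editor_jar_update() {
    echo "ERROR: $1"
    echo ""
    echo "UPDATE FAILED, EXITING!"
    exit 1;
}

# Succeeds only when file $1 no longer mentions action.syncRev and contains
# the fixed value=syncRev form.
editor_template_is_patched() {
    ! grep -qi "action.syncRev" "$1" && grep -qi "value=syncRev" "$1"
}

echo "File 5: 'confluence/WEB-INF/atlassian-bundled-plugins/confluence-editor-loader*.jar':"
EDITOR_JAR_SEEN=no
# Iterate over the glob instead of capturing 'ls' output: with more than one
# matching JAR the captured list was passed to unzip/zip as a single broken name.
for CONFLUENCE_EDITOR_JAR in confluence/WEB-INF/atlassian-bundled-plugins/confluence-editor-loader*.jar
do
    # An unmatched glob stays as the literal pattern; skip anything that is not a file.
    [ -f "$CONFLUENCE_EDITOR_JAR" ] || continue
    EDITOR_JAR_SEEN=yes

    echo "   a. extracting templates/editor-preload-container.vm from $CONFLUENCE_EDITOR_JAR.. "
    # The extraction root stays ".": zip is later given the path relative to it,
    # which is the entry name shown in its "updating:" output.
    export TMP_EXTRACT_DIR=.
    EXTRACTED_TEMPLATE="$TMP_EXTRACT_DIR/$EDITOR_TEMPLATE"
    # Drop leftovers of an aborted earlier run so a stale file can never be
    # mistaken for a fresh extraction and zipped into the JAR.
    rm -f "$EXTRACTED_TEMPLATE" "$EXTRACTED_TEMPLATE.bak" "$EXTRACTED_TEMPLATE.original"
    unzip -o -d "$TMP_EXTRACT_DIR" "$CONFLUENCE_EDITOR_JAR" "$EDITOR_TEMPLATE";
    if [ ! -f "$EXTRACTED_TEMPLATE" ]
    then
        echo "   b. templates/editor-preload-container.vm not present in JAR, skipping step"
        continue
    fi

    if ! cp -p "$EXTRACTED_TEMPLATE" "$EXTRACTED_TEMPLATE.original"
    then
        abort_editor_jar_update "Failed to back up $EXTRACTED_TEMPLATE"
    fi

    printf '%s' "   b. updating file.. "
    if ! sed "$SEDFLAGS" 's/("Hidden" "id=syncRev.*value=)[^"]+"/\1syncRev"/' "$EXTRACTED_TEMPLATE"
    then
        abort_editor_jar_update "Failed to update $EXTRACTED_TEMPLATE"
    fi
    echo "done"
    echo "   c. showing file changes.."
    diff "$EXTRACTED_TEMPLATE.original" "$EXTRACTED_TEMPLATE";

    printf '%s' "   d. validating file changes.. "
    if ! editor_template_is_patched "$EXTRACTED_TEMPLATE"
    then
        abort_editor_jar_update "Failed to update $EXTRACTED_TEMPLATE"
    fi
    echo "ok"

    printf '%s' "   e. updating $CONFLUENCE_EDITOR_JAR with $EXTRACTED_TEMPLATE.."
    if ! zip "$CONFLUENCE_EDITOR_JAR" "$EXTRACTED_TEMPLATE"
    then
        abort_editor_jar_update "Failed to update $CONFLUENCE_EDITOR_JAR"
    fi
    ls -l "$CONFLUENCE_EDITOR_JAR";

    printf '%s' "   f. cleaning up temp files.."
    rm -f "$EXTRACTED_TEMPLATE" "$EXTRACTED_TEMPLATE.bak" "$EXTRACTED_TEMPLATE.original";
    echo "ok"

    # Second extraction: checks the content of the JAR itself, not the working copy.
    echo "   g. extracting templates/editor-preload-container.vm from $CONFLUENCE_EDITOR_JAR again to check changes within JAR.. "
    unzip -o -d "$TMP_EXTRACT_DIR" "$CONFLUENCE_EDITOR_JAR" "$EDITOR_TEMPLATE";
    if [ ! -f "$EXTRACTED_TEMPLATE" ]
    then
        abort_editor_jar_update "Failed to extract templates/editor-preload-container.vm from $CONFLUENCE_EDITOR_JAR"
    fi

    printf '%s' "   h. validating file changes for file within updated JAR.. "
    if ! editor_template_is_patched "$EXTRACTED_TEMPLATE"
    then
        abort_editor_jar_update "Failed to update $EXTRACTED_TEMPLATE"
    fi
    echo "ok"

    printf '%s' "   i. cleaning up temp files.."
    rm -f "$EXTRACTED_TEMPLATE" "$EXTRACTED_TEMPLATE.bak" "$EXTRACTED_TEMPLATE.original";
    # Only removes the directory when the extraction created it and it is empty.
    rmdir "$TMP_EXTRACT_DIR/templates" 2> /dev/null;
    echo "ok"
done

if [ "$EDITOR_JAR_SEEN" = no ]
then
    echo "   b. JAR not present in current install, skipping step"
fi

echo ""
echo "Update completed!"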

执行后会进行提示

提示页面的变更内容
File 1: 'confluence/users/user-dark-features.vm':
   a. backing up file.. done
   b. updating file.. done
   c. showing file changes..
70c70
<             #tag( "Component" "label='Enable dark feature:'" "name='featureKey'" "value='$!action.featureKey'" "theme='aui'" "template='text.vm'")
---
>             #tag( "Component" "label='Enable dark feature:'" "name='featureKey'" "value=featureKey" "theme='aui'" "template='text.vm'")
   d. validating file changes.. ok
   e. file updated successfully!

File 2: 'confluence/login.vm':
   a. backing up file.. done
   b. updating file.. done
   c. showing file changes..
169c169
<                         #tag( "Hidden" "name='token'" "value='$!action.token'" )
---
>                         #tag( "Hidden" "name='token'" "value=token" )
   d. validating file changes.. ok
   e. file updated successfully!

File 3: 'confluence/pages/createpage-entervariables.vm':
   a. backing up file.. done
   b. updating file.. done
   c. showing file changes..
24c24
<                 #tag ("Hidden" "name='queryString'" "value='$!queryString'")
---
>                 #tag ("Hidden" "name='queryString'" "value=queryString")
26c26
<                 #tag ("Hidden" "name='linkCreation'" "value='$linkCreation'")
---
>                 #tag ("Hidden" "name='linkCreation'" "value=linkCreation")
   d. validating file changes..ok
   e. file updated successfully!

File 4: 'confluence/template/custom/content-editor.vm':
   a. backing up file.. done
   b. updating file.. done
   c. showing file changes..
64c64
<         #tag ("Hidden" "name='queryString'" "value='$!queryString'")
---
>         #tag ("Hidden" "name='queryString'" "value=queryString")
85c85
<             #tag ("Hidden" "id=sourceTemplateId" "name='sourceTemplateId'" "value='${templateId}'")
---
>             #tag ("Hidden" "id=sourceTemplateId" "name='sourceTemplateId'" "value=templateId")
   d. file updated successfully!

File 5: 'confluence/WEB-INF/atlassian-bundled-plugins/confluence-editor-loader*.jar':
   a. extracting templates/editor-preload-container.vm from confluence/WEB-INF/atlassian-bundled-plugins/confluence-editor-loader-7.10.2.jar..
Archive:  confluence/WEB-INF/atlassian-bundled-plugins/confluence-editor-loader-7.10.2.jar
  inflating: ./templates/editor-preload-container.vm
   b. updating file.. done
   c. showing file changes..
56c56
< #tag ("Hidden" "id=syncRev" "name='syncRev'" "value='$!{action.syncRev}'")
---
> #tag ("Hidden" "id=syncRev" "name='syncRev'" "value=syncRev")
   d. validating file changes.. ok
   e. updating confluence/WEB-INF/atlassian-bundled-plugins/confluence-editor-loader-7.10.2.jar with ./templates/editor-preload-container.vm..updating: templates/editor-preload-container.vm (deflated 59%)
-rw-r--r-- 1 root root 13373 Sep  3 05:09 confluence/WEB-INF/atlassian-bundled-plugins/confluence-editor-loader-7.10.2.jar
   f. cleaning up temp files..ok
   g. extracting templates/editor-preload-container.vm from confluence/WEB-INF/atlassian-bundled-plugins/confluence-editor-loader-7.10.2.jar again to check changes within JAR..
Archive:  confluence/WEB-INF/atlassian-bundled-plugins/confluence-editor-loader-7.10.2.jar
  inflating: ./templates/editor-preload-container.vm
   h. validating file changes for file within updated JAR.. ok
   i. cleaning up temp files..ok

Update completed!




https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html

