Hub Appsec rule

More info

vpatch-CVE-2021-26072 AppSec Rule

« vpatch-CVE-2021-26072 »
v0.1 by crowdsecurity
AppSec rule

Detects SSRF in Atlassian Confluence via WidgetConnector plugin (CVE-2021-26072)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2021-26072

YAML Configuration

1## autogenerated on 2025-10-29 15:23:06
2name: crowdsecurity/vpatch-CVE-2021-26072
3description: 'Detects SSRF in Atlassian Confluence via WidgetConnector plugin (CVE-2021-26072)'
4rules:
5  - and:
6      - zones:
7          - URI
8        transform:
9          - lowercase
10          - urldecode
11        match:
12          type: contains
13          value: /rest/sharelinks/1.0/link
14      - zones:
15          - ARGS
16        variables:
17          - url
18        transform:
19          - lowercase
20          - urldecode
21        match:
22          type: contains
23          value: 'http'
24
25labels:
26  type: exploit
27  service: http
28  confidence: 3
29  spoofable: 0
30  behavior: 'http:exploit'
31  label: 'Atlassian Confluence - SSRF'
32  classification:
33    - cve.CVE-2021-26072
34    - attack.T1190
35    - cwe.CWE-918
36

Hub Appsec rule

« vpatch-CVE-2021-26072 »v0.1 by crowdsecurityAppSec rule

« vpatch-CVE-2021-26072 »
v0.1 by crowdsecurity
AppSec rule