/
Confluence 취약점 해결 가이드 (CVE-2021-26084)
Confluence 취약점 해결 가이드 (CVE-2021-26084)
- Ace, Koo
Owned by Ace, Koo
Confluence Server and Data Center is affected by a critical security vulnerability
1. Atlassian에서는 Confluencce의 취약점 발견하여 보안 가이드를 배포 함
이미 고정 버전으로 업그레이드한 경우 추가 조치가 필요하지 않습니다.
Atlassian에서 권고하는 Confluence Version으로 업그레이드하는 것을 권장하지만, 즉시 업그레이드가 불가능할 경우 아래의 Migration 절차에 따라 진행
2. Migration 절차
1) Confluence 서비스 중지
$ <Confluence installed dir>/bin/stop-confluence.sh
2) cve-2021-26084-update.sh 다운로드 후 저장
3) cve-2021-26084-update.sh 생성 후 실행 (sh 파일의 14line에 Confluence 설치 디렉터리 입력 후 저장)
$ ./cve-2021-26084-update.sh
<실행 결과 예>
INSTALLATION_DIRECTORY=/opt/atlassian/confluence
$ chmod 777 cve-2021-26084-update.sh
$ su confluence
$ ./cve-2021-26084-update.sh # 마지막줄 Update completed! 확인
chdir '/opt/atlassian/confluence'
File 1: 'confluence/users/user-dark-features.vm':
a. backing up file.. done
b. updating file.. done
c. showing file changes..
70c70
< #tag( "Component" "label='Enable dark feature:'" "name='featureKey'" "value='$!action.featureKey'" "theme='aui'" "template='text.vm'")
---
> #tag( "Component" "label='Enable dark feature:'" "name='featureKey'" "value=featureKey" "theme='aui'" "template='text.vm'")
d. validating file changes.. ok
e. file updated successfully!
File 2: 'confluence/login.vm':
a. backing up file.. done
b. updating file.. done
c. showing file changes..
147c147
< #tag( "Hidden" "name='token'" "value='$!action.token'" )
---
> #tag( "Hidden" "name='token'" "value=token" )
d. validating file changes.. ok
e. file updated successfully!
File 3: 'confluence/pages/createpage-entervariables.vm':
a. backing up file.. done
b. updating file.. done
c. showing file changes..
24c24
< #tag ("Hidden" "name='queryString'" "value='$!queryString'")
---
> #tag ("Hidden" "name='queryString'" "value=queryString")
26c26
< #tag ("Hidden" "name='linkCreation'" "value='$linkCreation'")
---
> #tag ("Hidden" "name='linkCreation'" "value=linkCreation")
d. validating file changes..ok
e. file updated successfully!
File 4: 'confluence/template/custom/content-editor.vm':
a. backing up file.. done
b. updating file.. done
c. showing file changes..
64c64
< #tag ("Hidden" "name='queryString'" "value='$!queryString'")
---
> #tag ("Hidden" "name='queryString'" "value=queryString")
85c85
< #tag ("Hidden" "id=sourceTemplateId" "name='sourceTemplateId'" "value='${templateId}'")
---
> #tag ("Hidden" "id=sourceTemplateId" "name='sourceTemplateId'" "value=templateId")
d. file updated successfully!
File 5: 'confluence/WEB-INF/atlassian-bundled-plugins/confluence-editor-loader*.jar':
a. extracting templates/editor-preload-container.vm from confluence/WEB-INF/atlassian-bundled-plugins/confluence-editor-loader-7.4.3.jar..
Archive: confluence/WEB-INF/atlassian-bundled-plugins/confluence-editor-loader-7.4.3.jar
inflating: ./templates/editor-preload-container.vm
b. updating file.. done
c. showing file changes..
56c56
< #tag ("Hidden" "id=syncRev" "name='syncRev'" "value='$!{action.syncRev}'")
---
> #tag ("Hidden" "id=syncRev" "name='syncRev'" "value=syncRev")
d. validating file changes.. ok
e. updating confluence/WEB-INF/atlassian-bundled-plugins/confluence-editor-loader-7.4.3.jar with ./templates/editor-preload-container.vm..updating: templates/editor-preload-container.vm (deflated 59%)
-rw-r--r-- 1 confluence confluence 13404 Sep 7 11:31 confluence/WEB-INF/atlassian-bundled-plugins/confluence-editor-loader-7.4.3.jar
f. cleaning up temp files..ok
g. extracting templates/editor-preload-container.vm from confluence/WEB-INF/atlassian-bundled-plugins/confluence-editor-loader-7.4.3.jar again to check changes within JAR..
Archive: confluence/WEB-INF/atlassian-bundled-plugins/confluence-editor-loader-7.4.3.jar
inflating: ./templates/editor-preload-container.vm
h. validating file changes for file within updated JAR.. ok
i. cleaning up temp files..ok
Update completed!4) Confluence 서비스 시작
, multiple selections available,
Related content
Confluence 한글깨짐 문제 해결
Confluence 한글깨짐 문제 해결
Read with this
Confluence 설치전 확인 사항
Confluence 설치전 확인 사항
More like this
Confluence Cloud 시작하기
Confluence Cloud 시작하기
More like this
Confluence를 업그레이드한 후, 앱 관리에서 "앱 업로드하기" 옵션이 표시되지 않는 경우
Confluence를 업그레이드한 후, 앱 관리에서 "앱 업로드하기" 옵션이 표시되지 않는 경우
More like this
Confluence Cloud Migration Assistant를 사용하여 마이그레이션
Confluence Cloud Migration Assistant를 사용하여 마이그레이션
More like this
Synchrony 독립형 클러스터 구성
Synchrony 독립형 클러스터 구성
More like this