This article describes a Confluence Server and Jira Server vulnerability assessment with FortiDAST.
The CVE-2021-26085 and CVE-2021-26086 vulnerabilities are 0-day exploits that were discovered in the popular software Confluence Server and Jira Server.
Both vulnerabilities share the same attack vector and lead to information disclosure, allowing an attacker to access restricted data hosted on the target.
FortiDAST version 23.1
Detection of these vulnerabilities is covered directly by the OWASP Top 10 A05:2021 Security Misconfiguration group, in particular the Information Disclosure module.
To enable the detection, you will need to configure your asset and check the Coverage tab of the configuration section.
The scan flag can be either Quick or Full scan.
Scroll down in the Category Selection to the Security Misconfiguration entry and verify that Information Disclosure is checked. If it is not, click on it to enable it. Then press the OK button at the bottom to save your configuration and scan/rescan your asset to complete the assessment.