Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.
References
Link | Resource |
---|---|
https://jira.atlassian.com/browse/JRASERVER-72695 | Issue Tracking Vendor Advisory |
http://packetstormsecurity.com/files/164405/Atlassian-Jira-Server-Data-Center-8.4.0-File-Read.html | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Information
Published : 2021-08-15 18:15
Updated : 2022-03-30 06:13
NVD link : CVE-2021-26086
Mitre link : CVE-2021-26086
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
atlassian
- jira_data_center
- jira_server