Description

The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an information disclosure vulnerability in the error message when presented with an invalid filename.

Remediation

References

CVE-2021-26075

Related Vulnerabilities

WordPress Plugin Startklar Elementor Addons Directory Traversal (1.7.15)

ZenCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-6578)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33336)

Frontaccounting Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3740)

WordPress Plugin MailPoet Newsletters (Previous) Unspecified Vulnerability (2.7.8)

Severity

Medium

Classification

CVE-2021-26075

Tags

Missing Update Known Vulnerabilities