Description

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

Remediation

References

CVE-2020-29453

Related Vulnerabilities

Django Improper Input Validation Vulnerability (CVE-2019-3498)

Oracle Database Server CVE-2014-6577 Vulnerability (CVE-2014-6577)

WordPress Plugin Google Analytics Dashboard Plugin for WordPress by MonsterInsights Cross-Site Scripting (7.1.0)

Ruby on Rails CVE-2018-16477 Vulnerability (CVE-2018-16477)

Oracle Application Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2004-1367)

Severity

Medium

Classification

CVE-2020-29453 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities