WEB APPLICATION VULNERABILITIES Standard & Premium

Limited Remote File Read/Include in Jira Software Server

Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.

Affected versions:
version < 8.5.14
8.6.0 <= version < 8.13.6
8.14.0 <= version < 8.16.1

Fixed versions:
8.5.14
8.13.6
8.16.1
8.17.0

Remediation

Upgrade to the latest version of Atlassian Jira Server and Data Center.

References

Limited Remote File Read/Include in Jira Software Server - CVE-2021-26086

Related Vulnerabilities

WordPress Plugin Eshop Magic Arbitrary File Disclosure (0.1)

WordPress Plugin Digital Publications by Supsystic Multiple Vulnerabilities (1.6.9)

WordPress Plugin Customer Reviews for WooCommerce Local File Inclusion (5.15.0)

WordPress Plugin Mailing List 'wpabspath' Parameter Remote File Include (1.3.3)

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Directory Traversal (1.7.14.2)

Severity

Medium

Classification

CVE-2021-26086 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

File Inclusion