Description
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint.
The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.
Affected versions:
version < 8.5.14
8.6.0 <= version < 8.13.6
8.14.0 <= version < 8.16.1
Fixed versions:
8.5.14
8.13.6
8.16.1
8.17.0
Remediation
Upgrade to the latest version of Atlassian Jira Server and Data Center.