GSD-2021-26086 — Vulnetix

GSD-2021-26086 PUBLISHED CVSS 5.300000190734863 MEDIUM

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions
Atlassian	Jira Server	8.14.0, unspecified, 8.6.0
Atlassian	Jira Data Center	*, 8.14.0, unspecified
atlassian	jira_data_center	0, 8.6.0, 8.14.0
atlassian	jira_server	0, 8.14.0, 8.6.0

Timeline

Aug 16, 2021 CVE Published
Nov 12, 2024 PoC Published
Nov 12, 2024 PoC Published
Nov 12, 2024 PoC Published
Nov 14, 2024 PoC Published
Jan 26, 2025 PoC Published
Jan 27, 2025 PoC Published
Jan 28, 2025 PoC Published
Jan 29, 2025 PoC Published
Jan 30, 2025 PoC Published
Jan 31, 2025 PoC Published
Feb 1, 2025 PoC Published

References

Open in Interactive Console →