Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.
History

Wed, 13 Nov 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 13 Nov 2024 00:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2024-11-12'}


Fri, 11 Oct 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: atlassian

Published: 2021-08-16T00:15:09.827127Z

Updated: 2024-11-13T14:08:04.358Z

Reserved: 2021-01-25T00:00:00

Link: CVE-2021-26086

cve-icon Vulnrichment

Updated: 2024-08-03T20:19:19.569Z

cve-icon NVD

Status : Modified

Published: 2021-08-16T01:15:06.353

Modified: 2024-11-21T05:55:50.703

Link: CVE-2021-26086

cve-icon Redhat

No data.