PT-2021-16942 · Atlassian · Jira

Published

2021-04-14

Updated

2022-03-30

CVE-2021-26075

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Jira Server and Data Center versions prior to 8.5.12 Jira Server and Data Center versions 8.6.0 through 8.13.4 Jira Server and Data Center versions 8.14.0 through 8.15.1

Description The Jira importers plugin AttachTemporaryFile rest resource allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an information disclosure vulnerability in the error message when presented with an invalid filename.

Recommendations For versions prior to 8.5.12, update to version 8.5.12 or later. For versions 8.6.0 through 8.13.4, update to version 8.13.4 or later. For versions 8.14.0 through 8.15.1, update to version 8.15.1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-26075

Affected Products

Jira

PT-2021-16942 · Atlassian · Jira

CVE-2021-26075

Related Identifiers

Affected Products

References · 4