CVE-2021-26086

Name of the Vulnerable Software and Affected Versions Atlassian Jira Server and Data Center versions prior to 8.5.14 Atlassian Jira Server and Data Center versions 8.6.0 through 8.13.6 Atlassian Jira Server and Data Center versions 8.14.0 through 8.16.1

Description The issue allows remote attackers to read particular files via a path traversal vulnerability in the "/WEB-INF/web.xml" endpoint. This vulnerability is actively exploited.

Recommendations For versions prior to 8.5.14, update to version 8.5.14 or later. For versions 8.6.0 through 8.13.6, update to version 8.13.6 or later. For versions 8.14.0 through 8.16.1, update to version 8.16.1 or later. As a temporary workaround, consider restricting access to the "/WEB-INF/web.xml" endpoint until a patch is available.