Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-72316

Full path information disclose via invalid filename error message - CVE-2021-26075

    XMLWordPrintable

Details

    • 4.3
    • Medium
    • CVE-2021-26075

    Description

      The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an information disclosure vulnerability in the error message when presented with an invalid filename.

      Affected versions:

      • version < 8.5.12
      • 8.6.0 ≤ version < 8.13.4
      • 8.14.0 ≤ version < 8.15.1

      Fixed versions:

      • 8.5.12
      • 8.13.4
      • 8.15.1

      Attachments

        Activity

          People

            Unassigned Unassigned
            security-metrics-bot Security Metrics Bot
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: