Lucene search
Security-metrics-botATLASSIAN:JRASERVER-72014HistoryJan 21, 2021 - 5:58 p.m.
Pre-Authorization Limited Arbitrary File Read in Jira Server - CVE-2020-29453
2021-01-2117:58:02
security-metrics-bot
jira.atlassian.com
91
0.014 Low
EPSS
Percentile
86.5%
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
h3. Affected versions:
- version < 8.5.11
- 8.6.0 ≤ version < 8.13.3
- 8.14.0 ≤ version < 8.15.0
h4. Fixed versions:
- 8.5.11
- 8.13.3
- 8.15.0
This vulnerability is attributed to Amit Laish, a security researcher from GE Digital.
Related
nessus
nessus
Atlassian Jira 8.6.x < 8.13.3 Multiple Vulnerabilities
2021-07-02 00:00:00
Atlassian Jira 8.14.x < 8.15.0 Multiple Vulnerabilities
2021-07-02 00:00:00
atlassian
atlassian
cve
cve
CVE-2020-29453
2021-02-22 21:15:19
cvelist
cvelist
CVE-2020-29453
2021-01-21 00:00:00
nvd
nvd
CVE-2020-29453
2021-02-22 21:15:19
nuclei
nuclei
Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF)
2021-08-23 04:30:16
cnvd
cnvd
Atlassian Jira Server and Jira Data Center Path Traversal Vulnerability
2021-02-23 00:00:00
prion
prion
Path traversal
2021-02-22 21:15:00
openvas
openvas
'/%2e/WEB-INF/' Information Disclosure Vulnerability (HTTP)
2021-06-09 00:00:00