Lucene search
AtlassianCVELIST:CVE-2019-8442HistoryMay 22, 2019 - 5:39 p.m.
CVE-2019-8442
2019-05-2217:39:14
atlassian
www.cve.org
11
EPSS
0.971
Percentile
99.8%
The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.
CNA Affected
[
{
"product": "Jira",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "7.13.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.0.0",
"versionType": "custom"
},
{
"lessThan": "8.0.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.1.0",
"versionType": "custom"
},
{
"lessThan": "8.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2019-8442
2019-05-22 18:29:02
atlassian
atlassian
nuclei
nuclei
Jira - Local File Inclusion
2020-10-02 19:50:52
cve
cve
CVE-2019-8442
2019-05-22 18:29:02
prion
prion
Design/Logic Flaw
2019-05-22 18:29:00
openvas
openvas
'/_/WEB-INF/' Information Disclosure Vulnerability (HTTP)
2021-10-06 00:00:00
dsquare
dsquare
Atlassian JIRA File Disclosure
2019-11-08 00:00:00
hackerone
hackerone
Starbucks: Information disclosure on sim.starbucks.com
2019-06-30 12:11:42
nessus
nessus
Atlassian Jira 7.13.x < 7.13.4, 8.0.x < 8.0.4, 8.1.x < 8.1.1 Multiple Vulnerabilities
2019-05-31 00:00:00
Atlassian Jira 7.13.0 < 7.13.4 Multiple Vulnerabilities
2023-03-14 00:00:00
Atlassian Jira 8.0.0 < 8.0.4 Multiple Vulnerabilities
2023-03-14 00:00:00