Lucene search
AtlassianCVELIST:CVE-2020-29453HistoryJan 21, 2021 - 12:00 a.m.
CVE-2020-29453
2021-01-2100:00:00
atlassian
www.cve.org
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
CNA Affected
[
{
"product": "Jira Server",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "8.5.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.6.0",
"versionType": "custom"
},
{
"lessThan": "8.13.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.14.0",
"versionType": "custom"
},
{
"lessThan": "8.15.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Jira Data Center",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "8.5.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.6.0",
"versionType": "custom"
},
{
"lessThan": "8.13.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.14.0",
"versionType": "custom"
},
{
"lessThan": "8.15.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
nessus
nessus
Atlassian Jira 8.6.x < 8.13.3 Multiple Vulnerabilities
2021-07-02 00:00:00
Atlassian Jira 8.14.x < 8.15.0 Multiple Vulnerabilities
2021-07-02 00:00:00
atlassian
atlassian
cve
cve
CVE-2020-29453
2021-02-22 21:15:19
nvd
nvd
CVE-2020-29453
2021-02-22 21:15:19
cnvd
cnvd
Atlassian Jira Server and Jira Data Center Path Traversal Vulnerability
2021-02-23 00:00:00
prion
prion
Path traversal
2021-02-22 21:15:00
nuclei
nuclei
Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF)
2021-08-23 04:30:16
openvas
openvas
'/%2e/WEB-INF/' Information Disclosure Vulnerability (HTTP)
2021-06-09 00:00:00