This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.JIRA_CVE-2021-26086.NBINJira Server/Data Center Limited Remote File Read (CVE-2021-26086)
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
6.7 Medium
AI Score
Confidence
Low
0.893 High
EPSS
Percentile
98.8%
The Atlassian JIRA application running on the remote host is < 8.5.14, 8.6.0 < 8.13.6 or 8.14.0 < 8.16.1.
It is ,therefore, affected by a path traversal vulnerability affecting the /WEB-INF/web.xml endpoint. Attackers can exploit this vulnerability to read particular files.
Binary data jira_cve-2021-26086.nbinRelated
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
6.7 Medium
AI Score
Confidence
Low
0.893 High
EPSS
Percentile
98.8%