Lucene search

[email protected]NVD:CVE-2020-29453

HistoryFeb 22, 2021 - 9:15 p.m.

CVE-2020-29453

2021-02-2221:15:19

CWE-22

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.014 Low

EPSS

Percentile

86.5%

JSON

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

Affected configurations

NVD

Node

atlassiandata_centerRange8.5.10–8.5.11

atlassiandata_centerRange8.6.0–8.13.3

atlassianjira_data_centerRange8.14.0–8.15.0

atlassianjira_serverRange8.5.10–8.5.11

atlassianjira_serverRange8.6.0–8.13.3

atlassianjira_serverRange8.14.0–8.15.0

References

jira.atlassian.com/browse/JRASERVER-72014

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.014 Low

EPSS

Percentile

86.5%

JSON

Related for NVD:CVE-2020-29453

nessus4 atlassian2 cve1 cvelist1 cnvd1 prion1 nuclei1 openvas1