The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an information disclosure vulnerability in the error message when presented with an invalid filename.
References
Link | Resource |
---|---|
https://jira.atlassian.com/browse/JRASERVER-72316 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2021-04-15 00:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-26075
Mitre link : CVE-2021-26075
CVE.ORG link : CVE-2021-26075
JSON object : View
Products Affected
atlassian
- jira
- jira_data_center
- data_center
- jira_server
CWE