The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an information disclosure vulnerability in the error message when presented with an invalid filename.
References
Link | Resource |
---|---|
https://jira.atlassian.com/browse/JRASERVER-72316 | Patch Vendor Advisory |
https://jira.atlassian.com/browse/JRASERVER-72316 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:55
Type | Values Removed | Values Added |
---|---|---|
References | () https://jira.atlassian.com/browse/JRASERVER-72316 - Patch, Vendor Advisory |
Information
Published : 2021-04-15 00:15
Updated : 2024-11-21 05:55
NVD link : CVE-2021-26075
Mitre link : CVE-2021-26075
CVE.ORG link : CVE-2021-26075
JSON object : View
Products Affected
atlassian
- jira_server
- jira_data_center
- data_center
- jira
CWE