CVE-2019-8442

The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.
References
Link Resource
https://jira.atlassian.com/browse/JRASERVER-69241 Issue Tracking Vendor Advisory
http://www.securityfocus.com/bid/108460 Broken Link
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

History

22 Apr 2022, 20:10

Type Values Removed Values Added
References (BID) http://www.securityfocus.com/bid/108460 - (BID) http://www.securityfocus.com/bid/108460 - Broken Link

25 Mar 2022, 17:20

Type Values Removed Values Added
CPE cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
First Time Atlassian jira Server

Information

Published : 2019-05-22 18:29

Updated : 2022-04-22 20:10


NVD link : CVE-2019-8442

Mitre link : CVE-2019-8442


JSON object : View

Products Affected

atlassian

  • jira_server
  • jira