The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/108460 | Broken Link |
https://jira.atlassian.com/browse/JRASERVER-69241 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
22 Apr 2022, 20:10
Type | Values Removed | Values Added |
---|---|---|
References | (BID) http://www.securityfocus.com/bid/108460 - Broken Link |
25 Mar 2022, 17:20
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:* | |
First Time |
Atlassian jira Server
|
Information
Published : 2019-05-22 18:29
Updated : 2023-12-10 12:59
NVD link : CVE-2019-8442
Mitre link : CVE-2019-8442
CVE.ORG link : CVE-2019-8442
JSON object : View
Products Affected
atlassian
- jira
- jira_server
CWE