The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an information disclosure vulnerability in the error message when presented with an invalid filename.
References
Link | Resource |
---|---|
https://jira.atlassian.com/browse/JRASERVER-72316 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
30 Mar 2022, 13:29
Type | Values Removed | Values Added |
---|---|---|
First Time |
Atlassian jira Data Center
|
|
CPE | cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:* |
25 Mar 2022, 18:14
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:* | |
First Time |
Atlassian jira Server
|
21 Apr 2021, 23:58
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 4.3 |
References | (MISC) https://jira.atlassian.com/browse/JRASERVER-72316 - Patch, Vendor Advisory |
15 Apr 2021, 00:35
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-15 00:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-26075
Mitre link : CVE-2021-26075
CVE.ORG link : CVE-2021-26075
JSON object : View
Products Affected
atlassian
- jira_data_center
- data_center
- jira
- jira_server
CWE