Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-8442: Atlassian Jira vulnerability

6 documents, 6 sources
Severity: 7.5 HIGH (NVD)
EPSS: 93.1% (top 0.20%)
CISA KEV: Not in KEV
Exploit: PoC available
Timeline
Published: May 22
Latest update: May 24

Description

The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

CVEListV5 | atlassian/jira | unspecified | 7.13.4 | +4
NVD | atlassian/jira | < 7.13.4
NVD | atlassian/jira_server | 8.0.0 | 8.0.4 | +1

🔴 Vulnerability Details (3)

GHSA | GHSA-jw47-mjcp-rx65: The CachingResourceDownloadRewriteRule class in Jira before version 7 | 2022-05-24
CVEList | CVE-2019-8442: The CachingResourceDownloadRewriteRule class in Jira before version 7 | 2019-05-22
VulnCheck | Jira CachingResourceDownloadRewriteRule class Security Bypass | 2019

💥 Exploits & PoCs (1)

Nuclei | Jira - Local File Inclusion

💬 Community (1)

HackerOne | Information disclosure on sim.starbucks.com | 2019-11-13
CVE-2019-8442 — Atlassian Jira vulnerability | cvebase