CVE-2020-29453
Published 2021-02-22
Priority P3 · 54 · medium · CVSS 3.1: 5.3
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 23.09% (97.5th percentile)
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atlassian | data_center | >= 8.5.10 < 8.5.11 | 8.5.11 |
| atlassian | data_center | >= 8.6.0 < 8.13.3 | 8.13.3 |
| atlassian | jira_data_center | >= 8.14.0 < unspecified | unspecified |
| atlassian | jira_data_center | >= 8.14.0 < 8.15.0 | 8.15.0 |
| atlassian | jira_data_center | >= 8.6.0 < unspecified | unspecified |
| atlassian | jira_data_center | >= unspecified < 8.5.11 | 8.5.11 |
| atlassian | jira_data_center | >= unspecified < 8.13.3 | 8.13.3 |
| atlassian | jira_data_center | >= unspecified < 8.15.0 | 8.15.0 |
| atlassian | jira_server | >= 8.14.0 < unspecified | unspecified |
| atlassian | jira_server | >= 8.14.0 < 8.15.0 | 8.15.0 |
| atlassian | jira_server | >= 8.5.10 < 8.5.11 | 8.5.11 |
| atlassian | jira_server | >= 8.6.0 < unspecified | unspecified |
| atlassian | jira_server | >= 8.6.0 < 8.13.3 | 8.13.3 |
| atlassian | jira_server | >= unspecified < 8.5.11 | 8.5.11 |
| atlassian | jira_server | >= unspecified < 8.13.3 | 8.13.3 |
| atlassian | jira_server | >= unspecified < 8.15.0 | 8.15.0 |
Detection & IOCs
- Detect CVE-2020-29453 exploitation attempts by matching HTTP GET requests to Jira paths containing the pattern /s/<token>/_/%2e/ followed by WEB-INF or META-INF directory traversal segments.
- A successful exploitation response will return HTTP 200 with the string 'com.atlassian.jira' in the body (from the retrieved pom.xml file).
- Use Shodan queries 'http.component:"Atlassian Jira"' or 'http.component:"atlassian jira"' to identify internet-exposed Jira instances potentially vulnerable to this CVE.
- The attack is unauthenticated (pre-auth), requires no user interaction, and exploits an incorrect path access check in the CachingResourceDownloadRewriteRule class to read files in WEB-INF and META-INF directories.
- Affected versions are Jira Server and Jira Data Center before 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0. Detections should be scoped to these version ranges to reduce false positives.
- The Nuclei template uses a random string token in the URL path ({{randstr}}), so network-level signatures must account for variable path segments between /s/ and /_/%2e/.
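The detection points above can be combined into one access-log check. This is an added example, not code from any of the cited sources; it assumes common/combined access-log format, the names `scan` and `is_affected` are hypothetical, and the log lines are constructed. Access logs carry no response body, so an HTTP 200 on a matching request is flagged for review rather than confirmed.

```python
import re

# Common/combined access-log line: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# /s/<token>/_/%2e/ followed by a WEB-INF or META-INF segment. The token is
# random per request, so it is matched as any single path segment; hex digits
# in percent-encoding are case-insensitive, so %2e and %2E both match.
PROBE_RE = re.compile(r'^/s/[^/]+/_/%2e/(?:[^?#]*/)?(WEB-INF|META-INF)(?:/|$)', re.I)
# Affected ranges from the advisory text, as [low, high) version tuples.
AFFECTED = [((0, 0, 0), (8, 5, 11)), ((8, 6, 0), (8, 13, 3)), ((8, 14, 0), (8, 15, 0))]

# Constructed sample input (documentation IP ranges, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Feb/2021:10:00:01 +0000] "GET /s/k3Jd9aQ/_/%2e/WEB-INF/example.txt HTTP/1.1" 200 512',
    '192.0.2.10 - - [22/Feb/2021:10:00:02 +0000] "GET /s/Zz81mPq/_/%2E/META-INF/example.txt HTTP/1.1" 404 0',
    '198.51.100.7 - - [22/Feb/2021:10:00:03 +0000] "GET /s/d41d8cd9/_/download/resources/app.css HTTP/1.1" 200 2048',
    '198.51.100.7 - - [22/Feb/2021:10:00:04 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 9000',
]

def is_affected(version):
    """True if a Jira version string falls in one of the affected ranges."""
    parts = [int(p) for p in version.split(".")[:3]]
    v = tuple(parts + [0] * (3 - len(parts)))  # pad "8.15" to (8, 15, 0)
    return any(lo <= v < hi for lo, hi in AFFECTED)

def scan(lines):
    """Return one finding per GET request matching the probe pattern."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        hit = PROBE_RE.match(m["path"])
        if hit:
            findings.append({
                "ip": m["ip"],
                "path": m["path"],
                "directory": hit.group(1).upper(),
                # HTTP 200 means a file may have been returned; review it.
                "outcome": "possible-read" if m["status"] == "200" else "attempt",
            })
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG): print(f)
```

Run `scan` only against hosts where `is_affected` is true for the installed version, so that hits on patched instances are triaged as scanning noise rather than possible disclosure.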
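CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |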
No detection rules found.
Nuclei
Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF)
nuclei·CVSS 5.3
CVE-2020-29453 [MEDIUM] Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF)
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
Template:
```yaml
id: CVE-2020-29453
info:
  name: Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF)
  author: dwisiswant0
  severity: medium
  description: The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
  impact: |
    An attacker can retrieve sensitive files containing configuration information, potentially leading to further explo
```
Recorded Future
Analyze Recent Atlassian Vulnerabilities and Keep Your Infrastructure Protected
blogs_recorded_future·CVSS 9.6
[CRITICAL] Analyze Recent Atlassian Vulnerabilities and Keep Your Infrastructure Protected
## Analyze Recent Atlassian Vulnerabilities and Keep Your Infrastructure Protected
For years, software solutions built by Atlassian have found their way to nearly every organization's software stack. Tools such as JIRA, Confluence, Bamboo, and BitBucket are often seen playing a crucial role in various departments across enterprises.
From managing projects or handling organization-wide documentation, to hosting the very code of a product being developed by the organization, the constant reliance upon and amount of historical data held within these applications have turned them into a lucrative target for attackers, expanding the attack surface in the process.
## Historical Atlassian Vulnerabilities
Traditionally, vulnerabilities within the Atlassian software stack have originated from d
Published: 2021-02-22