CVE-2021-26075

3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.3%

top 49.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Jira Data Center Atlassian Jira Server Atlassian Data Center +1 more

Timeline

PublishedApr 15

Latest updateMay 24

Description

The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an information disclosure vulnerability in the error message when presented with an invalid filename.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages6 packages

▶CVEListV5atlassian/jira_data_centerunspecified — 8.5.12+4

▶NVDatlassian/jira_data_center8.6.0 — 8.13.4+1

▶CVEListV5atlassian/jira_serverunspecified — 8.5.12+4

▶NVDatlassian/jira_server8.6.0 — 8.13.4+1

▶NVDatlassian/jira< 8.5.12

Patches

Patch: jira.atlassian.com ↗Patch: jira.atlassian.com ↗

🔴Vulnerability Details

GHSA

GHSA-jx9v-5wjx-h5fq: The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8↗2022-05-24

▶

CVEList

CVE-2021-26075: The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8↗2021-04-14

▶