Description

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

Remediation

References

CVE-2020-29453

Related Vulnerabilities

ReviveAdserver Improper Access Control Vulnerability (CVE-2015-7367)

WordPress Plugin To Top Security Bypass (2.2.2)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-14642)

YUI Library Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5882)

OpenSSL Other Vulnerability (CVE-2005-2969)

Severity

Medium

Classification

CVE-2020-29453 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities