Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.

Remediation

References

CVE-2021-26086

Related Vulnerabilities

WordPress Plugin MP3-jPlayer Multiple Cross-Site Scripting Vulnerabilities (1.8.7)

Jetty Integer Overflow or Wraparound Vulnerability (CVE-2017-7657)

Jboss EAP Incorrect Authorization Vulnerability (CVE-2019-14843)

WordPress Plugin WP to Twitter Authorization Bypass (2.9.3)

WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2017-8295)

Severity

Medium

Classification

CVE-2021-26086 CWE-22

Tags

Missing Update Known Vulnerabilities