Lucene search
Security-metrics-botATLASSIAN:JRASERVER-72316HistoryApr 14, 2021 - 2:32 a.m.
Full path information disclose via invalid filename error message - CVE-2021-26075
2021-04-1402:32:32
security-metrics-bot
jira.atlassian.com
36
jira
importers plugin
information disclosure
EPSS
0.001
Percentile
35.3%
The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an information disclosure vulnerability in the error message when presented with an invalid filename.
Affected versions:
- version < 8.5.12
- 8.6.0 ≤ version < 8.13.4
- 8.14.0 ≤ version < 8.15.1
Fixed versions:
- 8.5.12
- 8.13.4
- 8.15.1
Related
cnvd
cnvd
atlassian
atlassian
cve
cve
CVE-2021-26075
2021-04-15 00:15:12
cvelist
cvelist
CVE-2021-26075
2021-04-14 23:45:18
prion
prion
Information disclosure
2021-04-15 00:15:00
nvd
nvd
CVE-2021-26075
2021-04-15 00:15:12
nessus
nessus
Atlassian Jira < 8.5.12 Multiple Vulnerabilities
2021-07-02 00:00:00
Atlassian Jira 8.6.x < 8.13.4 Multiple Vulnerabilities
2021-07-02 00:00:00
Atlassian Jira 8.14.x < 8.15.1 Multiple Vulnerabilities (1/2)
2021-07-06 00:00:00