Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.JIRA_8_17_0_JRASERVER-72695.NASL
HistoryJul 06, 2022 - 12:00 a.m.

Atlassian Jira < 8.5.14 / 8.6.x < 8.13.6 / 8.14.x < 8.16.1 / 8.17.0 (JRASERVER-72695)

2022-07-0600:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
JSON

The version of Atlassian Jira installed on the remote host is prior to < 8.5.14 / 8.6.x < 8.13.6 / 8.14.x < 8.16.1 / 8.17.0. It is, therefore, affected by a vulnerability as referenced in the JRASERVER-72695 advisory.

  • Limited Remote File Read in Jira Software Server - CVE-2021-26086 (CVE-2021-26086)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(162761);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/07/07");

  script_cve_id("CVE-2021-26086");

  script_name(english:"Atlassian Jira < 8.5.14 / 8.6.x < 8.13.6 / 8.14.x < 8.16.1 / 8.17.0 (JRASERVER-72695)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Atlassian Jira host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of Atlassian Jira installed on the remote host is prior to < 8.5.14 / 8.6.x < 8.13.6 / 8.14.x < 8.16.1 /
8.17.0. It is, therefore, affected by a vulnerability as referenced in the JRASERVER-72695 advisory.

  - Limited Remote File Read in Jira Software Server - CVE-2021-26086 (CVE-2021-26086)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://jira.atlassian.com/browse/JRASERVER-72695");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Atlassian Jira version 8.5.14, 8.13.6, 8.16.1, 8.17.0 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-26086");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/08/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/08/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/07/06");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:atlassian:jira");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("jira_detect.nasl", "atlassian_jira_win_installed.nbin", "atlassian_jira_nix_installed.nbin");
  script_require_keys("installed_sw/Atlassian JIRA");

  exit(0);
}

include('vcf.inc');
var app_info = vcf::combined_get_app_info(app:'Atlassian JIRA');

var constraints = [
  { 'fixed_version' : '8.5.14' },
  { 'min_version' : '8.6.0', 'fixed_version' : '8.13.6' },
  { 'min_version' : '8.14.0', 'fixed_version' : '8.16.1', 'fixed_display' : '8.16.1 / 8.17.0' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
atlassianjiracpe:/a:atlassian:jira

Related

seebug 1
prion 1
nessus 1
cve 1
cnvd 1
packetstorm 1
zdt 1
nuclei 1
githubexploit 1
exploitdb 1
checkpoint_advisories 1
hackerone 1
atlassian 6
openvas 1
seebug
seebug
Atlassian Jira ζ–‡δ»Άθ―»ε–ζΌζ΄žοΌˆCVE-2021-26086οΌ‰
2021-08-20 00:00:00
prion
prion
Path traversal
2021-08-16 01:15:00
nessus
nessus
Jira Server/Data Center Limited Remote File Read (CVE-2021-26086)
2023-12-19 00:00:00
cve
cve
CVE-2021-26086
2021-08-16 01:15:00
cnvd
cnvd
Atlassian System dashboard-Jira is vulnerable to unauthorized access
2022-06-15 00:00:00
packetstorm
packetstorm
Atlassian Jira Server/Data Center 8.4.0 File Read
2021-10-05 00:00:00
zdt
zdt
Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read Vulnerability
2021-10-05 00:00:00
nuclei
nuclei
Atlassian Jira Limited - Local File Inclusion
2021-08-26 03:45:56
githubexploit
githubexploit
Exploit for Path Traversal in Atlassian Jira Data Center
2021-10-05 14:09:52
exploitdb
exploitdb
Atlassian Jira Server Data Center 8.16.0 - Arbitrary File Read
2021-10-06 00:00:00
checkpoint_advisories
checkpoint_advisories
Atlassian Confluence Server Arbitrary File Read (CVE-2021-26085; CVE-2021-26086)
2022-02-06 00:00:00
hackerone
hackerone
MariaDB: Path Traversal CVE-2021-26086 CVE-2021-26085
2021-10-13 12:36:15
atlassian
atlassian
Pre-Authorization Arbitrary File Read in /s/ endpoint - CVE-2021-26085
2021-07-21 00:18:45
Pre-Authorization Arbitrary File Read in /s/ endpoint - CVE-2021-26085
2021-07-21 00:18:45
Pre-Authorization Limited Arbitrary File Read in Confluence Server - CVE-2020-29448
2020-11-10 00:03:08
openvas
openvas
'/;/WEB-INF/' Information Disclosure Vulnerability (HTTP)
2021-10-06 00:00:00
JSON
Related for JIRA_8_17_0_JRASERVER-72695.NASL
seebug1prion1nessus1cve1cnvd1packetstorm1zdt1nuclei1githubexploit1exploitdb1checkpoint_advisories1hackerone1atlassian6openvas1