The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an information disclosure vulnerability in the error message when presented with an invalid filename.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/JRASERVER-72316 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2021-04-14T23:45:18.560468Z
Updated: 2024-09-17T03:03:32.925Z
Reserved: 2021-01-25T00:00:00
Link: CVE-2021-26075
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-04-15T00:15:12.920
Modified: 2022-03-30T13:29:19.450
Link: CVE-2021-26075
Redhat
No data.