JIRA Directory Traversal

By Jijith Rajan, published on 10 Jan 2022
Vulnerability

Description

A lax path access check in the CachingResourceDownloadRewriteRule class allows remote attackers to access files in the META-INF directory of the Jira webroot. Affected versions are Jira before 7.13.4, from 8.0.0 before 8.0.4, and from 8.1.0 before 8.1.1.

Recommendations

  • Update JIRA to the latest version
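
To triage an instance against the version ranges in the description and to review past requests that reached META-INF, the following added example (not part of the original advisory, and not Atlassian or Beagle Security code) checks a version string and scans access log lines. The combined-style log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Affected ranges from the description, as [low, high) version tuples.
AFFECTED = [((0, 0, 0), (7, 13, 4)), ((8, 0, 0), (8, 0, 4)), ((8, 1, 0), (8, 1, 1))]

def parse_version(text):
    """'8.0.3' or '7.13' -> (8, 0, 3) / (7, 13, 0); build suffixes are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version):
    v = parse_version(version)
    return any(low <= v < high for low, high in AFFECTED)

# Assumption: access log in an Apache/Tomcat "combined"-style format.
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def meta_inf_requests(lines):
    """Return (path, status) for requests whose decoded path has a META-INF segment."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        path = m.group(1).split("?", 1)[0]
        decoded = unquote(unquote(path))  # undo single and double URL-encoding
        segments = decoded.replace("\\", "/").split("/")
        if any(s.upper() == "META-INF" for s in segments):
            hits.append((path, int(m.group(2))))
    return hits

# Constructed sample lines (not from a real system); file names are placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2022:10:00:01 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Jan/2022:10:00:02 +0000] "GET /static/META-INF/placeholder.txt HTTP/1.1" 200 311',
    '198.51.100.7 - - [10/Jan/2022:10:00:03 +0000] "GET /static/%4dETA-INF/placeholder.txt HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for v in ("7.13.3", "7.13.4", "8.0.3", "8.1.0", "8.1.1"):
        print(v, "affected" if is_affected(v) else "not in an affected range")
    for path, status in meta_inf_requests(SAMPLE_LOG):
        print(status, path)
```

A 200 response to a META-INF path on an instance whose version falls in an affected range is the combination to investigate first.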

Written by Jijith Rajan, Cyber Security Engineer