exploitDog

GHSA-jg96-3p93-wmvr

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.3

Описание

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

Ссылки

EPSS

Процентиль: 99%

0.80477

Высокий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-22

Связанные уязвимости

CVE-2020-29453

CVSS3: 5.3

nvd

почти 5 лет назад

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

EPSS

Процентиль: 99%

0.80477

Высокий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-22