CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-26086

Known Exploited (CISA KEV)MEDIUM
5.3
CVSS Severity Score
EPSS Score52.1730%
EPSS Percentile88.73th
Published2021年8月16日
Last Modified2025年10月24日

Vulnerability Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.

Affected Platforms (CPE)

📦
Atlassian

Jira Data Center

< 8.5.14
📦
Atlassian

Jira Data Center

>= 8.6.0 and < 8.13.6
📦
Atlassian

Jira Data Center

>= 8.14.0 and < 8.16.1
📦
Atlassian

Jira Server

< 8.5.14
📦
Atlassian

Jira Server

>= 8.6.0 and < 8.13.6
📦
Atlassian

Jira Server

>= 8.14.0 and < 8.16.1

References & Advisories

🔗 http://packetstormsecurity.com/files/164405/Atlassian-Jira-Server-Data-Center-8.4.0-File-Read.html
🔗 https://jira.atlassian.com/browse/JRASERVER-72695
🔗 http://packetstormsecurity.com/files/164405/Atlassian-Jira-Server-Data-Center-8.4.0-File-Read.html
🔗 https://jira.atlassian.com/browse/JRASERVER-72695
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-26086

関連する脆弱性情報

CVE-2019-204099.8

The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attac...

CVE-2020-141729.8

This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has b...

CVE-2019-115819.8

There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the Send...

CVE-2020-362399.8

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, fro...