CVE-2021-26075

EPSS 1.6%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 1.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

14 Apr 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an information disclosure vulnerability in the error message when presented with an invalid filename.

Affected products

Atlassian · Jira Data Center Atlassian · Jira Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://jira.atlassian.com/browse/JRASERVER-72316