CVE-2021-26075
Published on: 04/14/2021 12:00:00 AM UTC
Last Modified on: 03/30/2022 01:29:00 PM UTC
Certain versions of Data Center from Atlassian contain the following vulnerability:
The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an information disclosure vulnerability in the error message when presented with an invalid filename.
- CVE-2021-26075 has been assigned by
securit[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 4.3 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | LOW | NONE |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | LOW | NONE | NONE |
CVSS2 Score: 4 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | LOW | SINGLE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | NONE | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
[JRASERVER-72316] Full path information disclose via invalid filename error message - CVE-2021-26075 - Create and track feature requests for Atlassian products. | jira.atlassian.com text/html |
![]() |
Related QID Numbers
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Atlassian | Data Center | All | All | All | All |
Application | Atlassian | Jira | All | All | All | All |
Application | Atlassian | Jira Data Center | All | All | All | All |
Application | Atlassian | Jira Server | All | All | All | All |
- cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*:
- cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
My first #cve on jira CVE-2021-26075 #bug #jira jira.atlassian.com/browse/JRASERV… https://t.co/y57bfb6gQu | 2021-05-13 13:43:49 |
![]() |
CVE-2021-26075 | 2021-04-15 00:20:11 |