CVE-2019-8442
First published: Wed May 22 2019(Updated: )
The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian JIRA | <7.13.4 | |
| Atlassian Jira Server | >=8.0.0<8.0.4 | |
| Atlassian Jira Server | >=8.1.0<8.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/atlassian
- canonical/atlassian jira
- canonical/atlassian jira server
- version/atlassian jira server/8.0.0
- version/atlassian jira server/8.1.0