CVE-2019-8442
First published: Wed May 22 2019(Updated: )
The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Jira Core | <7.13.4 | |
| Atlassian Server | >=8.0.0<8.0.4 | |
| Atlassian Server | >=8.1.0<8.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-8442?
CVE-2019-8442 has been classified as a high severity vulnerability.
How do I fix CVE-2019-8442?
To fix CVE-2019-8442, upgrade to Jira versions 7.13.4, 8.0.4, or 8.1.1 or later.
What systems are affected by CVE-2019-8442?
CVE-2019-8442 affects Jira versions prior to 7.13.4, and versions from 8.0.0 to 8.0.4, and from 8.1.0 to 8.1.1.
What type of attack can occur due to CVE-2019-8442?
CVE-2019-8442 allows remote attackers to access sensitive files in the Jira webroot.
Is CVE-2019-8442 a local or remote vulnerability?
CVE-2019-8442 is a remote vulnerability.
- agent/references
- agent/type
- agent/softwarecombine
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/atlassian
- canonical/atlassian jira core
- canonical/atlassian server
- version/atlassian server/8.0.0
- version/atlassian server/8.1.0