The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote malicious users to access files in the Jira webroot under the META-INF directory via a lax path access check.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
atlassian jira |
||
atlassian jira server |