Home

CVE-2020-29453

Description

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

Risk Information

Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
80.477

Associated Vulnerability

VulnerabilityOS Platform
Vulnerability CVE-2020-29453,CVE-2020-36234,CVE-2020-36236,CVE-2021-26069 are affected in Atlassian Jira 8.14.1Windows
Vulnerabilities CVE-2020-29453,CVE-2020-36234,CVE-2021-26069 are affected in Atlassian Jira Core Data Center 8.14.1Windows
Multiple Vulnerabilities are affected in Atlassian Jira 8.13.2Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234