Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint.
The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.
version < 8.5.14
8.6.0 <= version < 8.13.6
8.14.0 <= version < 8.16.1
Upgrade to the latest version of Atlassian Jira Server and Data Center.