Description
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint.
The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.
Affected versions:
version < 8.5.14
8.6.0 <= version < 8.13.6
8.14.0 <= version < 8.16.1
Fixed versions:
8.5.14
8.13.6
8.16.1
8.17.0
Remediation
Upgrade to the latest version of Atlassian Jira Server and Data Center.
References
Related Vulnerabilities
WordPress Plugin Nmedia MailChimp Widget 'abs_path' Parameter Remote File Include (3.1)
Joomla! Core Local File Inclusion (2.5.0 - 3.8.8)
WordPress Plugin Easy2Map Photos Multiple Vulnerabilities (1.0.9)
WordPress Plugin WP Cost Estimation & Payment Forms Builder Directory Traversal (9.659)
WordPress Plugin Duplicator-WordPress Migration Arbitrary File Disclosure (0.3.0)