Back to KEVs

CVE-2021-26086

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in...

Basic Information

CVE State
PUBLISHED
Reserved Date
January 25, 2021
Published Date
August 16, 2021
Last Updated
November 13, 2024
Vendor
Atlassian
Product
Jira Server, Jira Data Center
Description
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.

CVSS Scores

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (added 2024-11-12 00:00:00 UTC) Source
Proof of Concept Available
Yes (added 2021-10-05 14:09:52 UTC) Source

References

https://jira.atlassian.com/browse/JRASERVER-72695 http://packetstormsecurity.com/files/164405/Atlassian-Jira-Server-Data-Center-8.4.0-File-Read.html

Known Exploited Vulnerability Information

Source Added Date
CISA 2024-11-12 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-26086.yaml 2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

ColdFusionX/CVE-2021-26086

Type: github • Created: 2021-10-05 14:09:52 UTC • Stars: 23

Atlassian Jira Server/Data Center 8.4.0 - Arbitrary File read (CVE-2021-26086)