Jira: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path…
Summary
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.
CISA Known Exploited Vulnerability
- Listed:
- Nov 12, 2024 · federal remediation due Dec 3, 2024
- Required action:
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Ransomware use:
- Unknown
KEV is a prioritization signal from CISA — remediation detail still comes from the vendor advisory.
- 8.6.0
- 8.14.0
Official advisory · high-confidence parse· fetched 2 days ago·verify at source
- 8.13.6
- 8.16.1
Official advisory · high-confidence parse· fetched 2 days ago·verify at source
Mitigation
Mitigation steps weren't captured by the parser for this advisory — this is a parsing gap, not a statement that no fix exists. Read the vendor advisory below for the authoritative guidance.
Official advisory · high-confidence parse· fetched 2 days ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.