CVE-2019-8442
HIGH EXPLOITED NUCLEIJira <7.13.4, <8.0.4, <8.1.1 - Path Traversal
Title source: llmExploitation Summary
CVE-2019-8442 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.
Nuclei Templates (1)
Jira - Local File Inclusion
HIGHby Kishore Krishna (siLLyDaddy)
Shodan:
http.component:"Atlassian Jira" || http.component:"atlassian jira" || http.component:"atlassian confluence" || cpe:"cpe:2.3:a:atlassian:jira"
References (2)
Core 2
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://jira.atlassian.com/browse/JRASERVER-69241
Broken Link vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108460
Scores
CVSS v3
7.5
EPSS
0.5983
EPSS Percentile
99.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
VulnCheck KEV
2023-11-17
Status
published
Products (2)
atlassian/jira
< 7.13.4
atlassian/jira_server
8.0.0 - 8.0.4
Published
May 22, 2019
Tracked Since
Feb 18, 2026