CVE-2020-29453

MEDIUM NUCLEI

Jira Server/Jira Data Center <8.5.11, <8.6.0-8.13.3, <8.14.0-8.15.0...

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2020-29453 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

Nuclei Templates (1)

Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF)
MEDIUMby dwisiswant0
Shodan: http.component:"Atlassian Jira" || http.component:"atlassian jira"

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://jira.atlassian.com/browse/JRASERVER-72014

Scores

CVSS v3 5.3
EPSS 0.2309
EPSS Percentile 97.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-22
Status published
Products (3)
atlassian/data_center 8.5.10 - 8.5.11
atlassian/jira_data_center 8.14.0 - 8.15.0
atlassian/jira_server 8.5.10 - 8.5.11
Published Feb 22, 2021
Tracked Since Feb 18, 2026