CVE-2021-39109
HIGHAtlassian Atlasboard < 1.1.9 - Path Traversal via renderWidgetResource
Title source: llmDescription
The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://bitbucket.org/atlassian/atlasboard/commits/9c03df09f09399e2601010466e8ba3a28236eb9c
Scores
CVSS v3
7.5
EPSS
0.0048
EPSS Percentile
65.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (2)
atlassian/atlasboard
< 1.1.9
npm/atlasboard
0 - 1.1.9npm
Published
Sep 01, 2021
Tracked Since
Feb 18, 2026