Atlassian Jira Webroot Directory Traversal Vulnerability
Medium Nessus Plugin ID 130278
SynopsisThe remote web server hosts a web application that is affected by a directory traversal vulnerability.
DescriptionThe instance of Atlassian Jira hosted on the remote web server is affected by a directory traversal vulnerability in CachingResourceDownloadRewriteRule class due to an improper path access restriction. An unauthenticated, remote attacker can exploit this, by sending a specially crafted HTTP request, to disclose sensitive information which may aid in further attacks.
SolutionUpgrade to Atlassian Jira version 7.13.4 / 8.1.1 or later.