Synopsis: Atlassian JIRA Service Desk < 3.9.16 Path Traversal Vulnerability
Description: According to its self-reported version number, the Atlassian JIRA Service Desk application running on the remote host is prior to 3.9.16, 3.10.x prior to 3.16.8, 4.0.x prior to 4.1.3, 4.2.x prior to 4.2.5, 4.3.x prior to 4.3.4 or 4.4.x prior to 4.4.1. It is, therefore, affected by a path traversal vulnerability. An authenticated, remote attacker can exploit this to view all issues from all the projects in the affected instance.
Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution: Upgrade to Atlassian JIRA Service Desk version 3.9.16 or later.