Vulnerability Details : CVE-2019-8442
The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.
Products affected by CVE-2019-8442
- cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
Threat overview for CVE-2019-8442
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2019-8442: 2,394
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2019-8442
- EPSS score: 96.44% (probability of exploitation activity in the next 30 days)
- Percentile: ~ 100 % (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2019-8442
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
References for CVE-2019-8442
- http://www.securityfocus.com/bid/108460
  Atlassian JIRA CVE-2019-8442 Information Disclosure Vulnerability (Broken Link)
- https://jira.atlassian.com/browse/JRASERVER-69241
  [JRASERVER-69241] Lax path access check allowing access to webroot files in the META-INF directory in the CachingResourceDownloadRewriteRule class - CVE-2019-8442 - Create and track feature requests f (Issue Tracking; Vendor Advisory)