CVE-2021-26086 PoC — Atlassian Jira 路径遍历漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-26086.yaml

Associated Vulnerability

Title:Atlassian Jira 路径遍历漏洞 (CVE-2021-26086)
Description:Atlassian Jira是澳大利亚Atlassian公司的一套缺陷跟踪管理系统。该系统主要用于对工作中各类问题、缺陷进行跟踪管理。 Atlassian Jira存在安全漏洞，该漏洞源于受影响版本的Atlassian Jira服务器和数据中心代码开发过程中存在实现不当的问题导致路径遍历漏洞。允许远程攻击者可利用该漏洞通过WEB-INF web.xml端点读取特定文件。受影响的版本为8.5.14之前版本、8.6.0版本至8.13.6、8.14.0版本至8.16.1。

Description

Affected versions of Atlassian Jira Limited Server and Data Center are vulnerable to local file inclusion because they allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint.

File Snapshot


 id: CVE-2021-26086

info:
  name: Atlassian Jira Limited -  Local File Inclusion
  author: cocxanh
 

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!