vulnerability
Atlassian JIRA: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2020-29453)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Feb 22, 2021 | Apr 8, 2021 | Aug 11, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Feb 22, 2021
Added
Apr 8, 2021
Modified
Aug 11, 2025
Description
The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
Solutions
atlassian-jira-upgrade-8_13_3atlassian-jira-upgrade-8_15_0atlassian-jira-upgrade-8_5_11
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.