1. Home
  2. CVE Database
  3. CVE-2020-29453
MEDIUM · 5.3

CVE-2020-29453

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers...

Vulnerability Description

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
AtlassianData Center>= 8.5.10, < 8.5.11
AtlassianJira Data Center>= 8.14.0, < 8.15.0
AtlassianJira Server>= 8.5.10, < 8.5.11

Related Weaknesses (CWE)

CWE-22

References

FAQ

What is CVE-2020-29453?

CVE-2020-29453 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers...

How severe is CVE-2020-29453?

CVE-2020-29453 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-29453?

Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Data Center, Atlassian Jira Data Center, Atlassian Jira Server.