The instance has been found vulnerable to CVE-2021-26086. And this allows remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. More info here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26086
The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.
To fix this, you should update to the most recent version.
Found pom.properties through CVE-2021-26086:
#Generated by Maven
#Mon Jul 22 06:57:24 UTC 2019
version=8.3.0
groupId=com.atlassian.jira
artifactId=jira-webapp-dist
bip! I'm a LeakIX probe. This issue looks like it has been resolved!