- Creation
- Validation
- Communication & fix
- Disclosure
Alcatel-lucent / Jira vulnerable to CVE-2021-26086
Deleted user
reported 2021-10-12
The instance has been found vulnerable to CVE-2021-26086. And this allows remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. More info here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26086
The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.
To fix this, you should update to the most recent version.
IP:
213.39.19.123Port:
443Detected protocol:
httpsVulnerable URL:
https://jira.ale-international.com/s/lkx/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.propertiesFound pom.properties through CVE-2021-26086:
#Generated by Maven
#Mon Nov 23 12:46:07 UTC 2020
version=8.14.0
groupId=com.atlassian.jira
artifactId=jira-webapp-dist
Found by JiraPlugin 2021-10-12
IP:
213.39.19.123Port:
443Detected protocol:
httpsVulnerable URL:
https://jira.ale-international.com/s/lkx/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.propertiesFound pom.properties through CVE-2021-26086:
#Generated by Maven
#Mon Nov 23 12:46:07 UTC 2020
version=8.14.0
groupId=com.atlassian.jira
artifactId=jira-webapp-dist
Found by JiraPlugin 2021-11-30
IP:
213.39.19.123Port:
443Detected protocol:
httpsVulnerable URL:
https://jira.ale-international.com/s/lkx/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.propertiesFound pom.properties through CVE-2021-26086:
#Generated by Maven
#Mon Nov 23 12:46:07 UTC 2020
version=8.14.0
groupId=com.atlassian.jira
artifactId=jira-webapp-dist
Found by JiraPlugin 2021-12-01
Report created by
deleted-user
2021-10-12
deleted-user
2021-10-12
deleted-user
commented 2021-10-12:
approved
doesn't show in report
same here : jira-qa.app.ale-international.com
Report approved by
BloodyShell
2021-10-12
BloodyShell
2021-10-12
New PDF report generated by system 2021-10-12
Report dispatched to ...@... by system 2021-10-12
Report dispatched to ...@... by system 2021-10-12
Report comment dispatched to BloodyShell by system 2021-10-21
Report comment dispatched to iampritam by system 2021-10-21
Report comment dispatched to fokoil by system 2021-10-21
system
commented 2022-01-05:
approved
shows in report
bip! I'm a LeakIX probe. This issue looks like it has been resolved!
New PDF report generated by system 2022-01-05
Report comment dispatched to zythop by system 2022-01-05
Report comment dispatched to dataprivacy@al-enterprise.com by system 2022-01-05
Report comment dispatched to cert-fr.cossi@ssi.gouv.fr by system 2022-01-05
Report marked as fixed by
BloodyShell
2022-01-05
BloodyShell
2022-01-05
Report closed by
BloodyShell
2022-01-05
BloodyShell
2022-01-05
New PDF report generated by system 2022-01-05
Report edited by
deleted-user
2022-01-05
deleted-user
2022-01-05
New PDF report generated by system 2022-01-05
Information
Owner
Alcatel-lucent
Created
2021-10-12 17:46
Updated
2022-01-05 18:44
Fixed
true
Contacts
d...@al-enterprise.com
c...@ssi.gouv.fr
Status
Status
closed
Hosting contacted
false
CERT contacted
false
Download report