The instance has been found vulnerable to CVE-2021-26086. And this allows remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. More info here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26086
The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.
To fix this, you should update to the most recent version.
Found pom.properties through CVE-2021-26086: #Generated by Maven #Wed Oct 07 15:19:33 UTC 2020 version=8.13.0 groupId=com.atlassian.jira artifactId=jira-webapp-dist
same here : legaljira.linuxfoundation.org
bip! I'm a LeakIX probe. This issue looks like it has been resolved!