The instance has been found vulnerable to CVE-2021-26086. And this allows remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. More info here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26086

The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.

To fix this, you should update to the most recent version.

Found pom.properties through CVE-2021-26086:
#Generated by Maven
#Wed Oct 07 15:19:33 UTC 2020
version=8.13.0
groupId=com.atlassian.jira
artifactId=jira-webapp-dist

Report created by deleted-user  2021-10-23

Report approved by BloodyShell  2021-10-23

New PDF report generated by system 2021-10-23

Report dispatched to ...@... by system 2021-10-23

Report dispatched to ...@... by system 2021-10-23

system commented 2021-11-03: approved shows in report

bip! I'm a LeakIX probe.

This issue looks like it has been resolved!

New PDF report generated by system 2021-11-03

Report comment dispatched to zythop by system 2021-11-03

Report comment dispatched to dpd@rsw.be by system 2021-11-03

Report comment dispatched to info@rsw.be by system 2021-11-03

Report marked as fixed by BloodyShell  2021-11-03

Report closed by BloodyShell  2021-11-03

New PDF report generated by system 2021-11-03

Report edited by BloodyShell  2021-12-06

New PDF report generated by system 2021-12-06