• Creation
  • Validation
  • Communication & fix
  • Disclosure

Deutsch telekom / Jira vulnerable to CVE-2021-26086

zythop reported 2021-10-17

The instance has been found vulnerable to CVE-2021-26086. And this allows remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. More info here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26086

The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.

To fix this, you should update to the most recent version.

IPS: 18.184.250.97 18.159.240.195 18.197.24.250 18.159.240.195 18.197.24.250 18.184.250.97 18.159.240.195 18.197.24.250 18.184.250.97

IP:
18.184.250.97
Port:
443
Detected protocol:
https
Found pom.properties through CVE-2021-26086:
#Generated by Maven
#Thu Jan 14 13:36:09 UTC 2021
version=8.13.3
groupId=com.atlassian.jira
artifactId=jira-webapp-dist
Found by JiraPlugin 2021-10-15
IP:
18.184.250.97
Port:
443
Detected protocol:
https
Found pom.properties through CVE-2021-26086:
#Generated by Maven
#Thu Jan 14 13:36:09 UTC 2021
version=8.13.3
groupId=com.atlassian.jira
artifactId=jira-webapp-dist
Found by JiraPlugin 2021-11-10
IP:
18.184.250.97
Port:
443
Detected protocol:
https
Found pom.properties through CVE-2021-26086:
#Generated by Maven
#Thu Jan 14 13:36:09 UTC 2021
version=8.13.3
groupId=com.atlassian.jira
artifactId=jira-webapp-dist
Found by JiraPlugin 2021-11-11
Report created by zythop  2021-10-17
Report edited by BloodyShell  2021-10-18
Report approved by BloodyShell  2021-10-18
New PDF report generated by system 2021-10-18
Report dispatched to ...@... by system 2021-10-18
system commented 2021-10-20: approved shows in report

Email from: bugbounty@t-mobile.cz

Dear Madam / Sir,

let us inform you that the vulnerability you reported was evaluated as valid,
but it has been already discovered and reported by another hacker before you
and we are working on fixing it.. Nevertheless, we’d like to appreciate your
effort by publishing your name or hacker nickname together with discovered
vulnerability on our Acknowledgements page -
[1]https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/acknowledgements-358300.

If you’re interested, please send us your name, URL and twitter/facebook
profile for publishing.

Don’t hesitate to send us more reports.

Kind regards,
Bug Bounty Team

Von: cebc1b3c-9e3b-4c62-9ee9-a5013095d2c7+tNGgENy9xk@reports.leakix.net
<cebc1b3c-9e3b-4c62-9ee9-a5013095d2c7+tNGgENy9xk@reports.leakix.net>
Gesendet: Montag, 18. Oktober 2021 15:58
An: FMB CERT <CERT@telekom.de>
Betreff: Security issue detected for Deutsch telekom : Jira vulnerable to
CVE-2021-26086

Dear Deutsch telekom,

Security researcher zythop has identified a security issue in your
infrastructure through our prevention platform.
The issue has been confirmed by our team and its priority is medium.

Please use this email address ( [2]
cebc1b3c-9e3b-4c62-9ee9-a5013095d2c7+tNGgENy9xk@reports.leakix.net ) for
further communications with the involved parties.

This report has been dispatched to [cert@telekom.de]

Report ID[3]cebc1b3c-9e3b-4c62-9ee9-a5013095d2c7
OwnerDeutsch telekom
TitleJira vulnerable to CVE-2021-26086 Researcher report

The instance has been found vulnerable to CVE-2021-26086. And this allows
remote attackers to read particular files via a path traversal vulnerability
in the /WEB-INF/web.xml endpoint. More info here:
[4]https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26086

The affected versions are before version 8.5.14, from version 8.6.0 before
8.13.6, and from version 8.14.0 before 8.16.1.

To fix this, you should update to the most recent version.

IPS: 18.184.250.97 18.159.240.195 18.197.24.250 18.159.240.195 18.197.24.250
18.184.250.97 18.159.240.195 18.197.24.250 18.184.250.97

Related events HostPortSourceCountryPriorityInfectedLeak rowsLeak size
18.184.250.97 (jira.telekom.de)443JiraPluginGermanyhighfalse0 rows0 B Report
timeline  Report created by zythop on Sun, 17 Oct 2021 08:08:26 UTC
Report edited by BloodyShell on Mon, 18 Oct 2021 13:57:25 UTC
Report approved by BloodyShell on Mon, 18 Oct 2021 13:57:26 UTC
New PDF report generated by system on Mon, 18 Oct 2021 13:57:27 UTC

This is a free prevention report and not a sales attempt.
While we do encourage rewarding researchers, we do not promote any kind of
ransom or extortion scheme.
Should a researcher require money from you, let us know at
[5]fraud@leakix.net, we'll take
the appropriate actions and provide you guidance in the next steps.

LeakIX prevention team
[6]support@leakix.net
[7]https://leakix.net/

[1] https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/acknowledgements-358300
[2] mailto:cebc1b3c-9e3b-4c62-9ee9-a5013095d2c7+tNGgENy9xk@reports.leakix.net
[3] https://leakix.net/reports/cebc1b3c-9e3b-4c62-9ee9-a5013095d2c7?key=P4VXuZCM2AOkZ2hUlDm2JQsd
[4] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26086
[5] mailto:fraud@leakix.net
[6] mailto:support@leakix.net
[7] https://leakix.net/

Report comment dispatched to BloodyShell by system 2021-10-20
Report comment dispatched to iampritam by system 2021-10-20
Report comment dispatched to fokoil by system 2021-10-20
Report comment f9c5aa approved by BloodyShell  2021-10-20
New PDF report generated by system 2021-10-20
Report comment dispatched to zythop by system 2021-10-20
Report comment dispatched to cert@telekom.de by system 2021-10-20
system commented 2021-11-12: approved shows in report

bip! I'm a LeakIX probe.

This issue looks like it has been resolved!

New PDF report generated by system 2021-11-12
Report comment dispatched to zythop by system 2021-11-12
Report comment dispatched to cert@telekom.de by system 2021-11-12
Report edited by zythop  2022-01-06
New PDF report generated by system 2022-01-06
Information
Owner Deutsch telekom
Created 2021-10-17 08:08
Updated 2022-01-06 15:21
Fixed false

Contacts
c...@telekom.de

Status
Status closed
Hosting contacted false
CERT contacted false

Download report