What is CVE-2019-8442?

CVE-2019-8442 is a vulnerability in Atlassian Jira. Published 2019-05-22.

Is CVE-2019-8442 known to be exploited?

27 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Atlassian Jira

CVE-2019-8442

The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META…

EPSS: 0.931 (99.8th percentile) — read the EPSS interpretation.

Affected products

Atlassian Jira — versions unspecified, 8.0.0, unspecified

Public proof-of-concept exploits

0day404/vulnerability-poc
0ps/pocassistdb
20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
ArrestX/--POC
Elsfa7-110/kenzer-templates
Faizee-Asad/JIRA-Vulnerabilities
KayCHENvip/vulnerability-poc
Miraitowa70/POC-Notes

References

jira.atlassian.com/browse/JRASERVER-69241 (x_refsource_MISC)
108460 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2019-8442?: CVE-2019-8442 is a vulnerability in Atlassian Jira. Published 2019-05-22.
Is CVE-2019-8442 known to be exploited?: 27 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.