What is CVE-2020-29453?

CVE-2020-29453 is a vulnerability in Atlassian Jira Data Center. Published 2021-02-18.

Is CVE-2020-29453 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Atlassian Jira Data Center

CVE-2020-29453

The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.11, from 8.6.0 before 8.13.3, and from 8.14.0 before 8.15.0 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF…

EPSS: 0.869 (99.4th percentile) — read the EPSS interpretation.

Affected products

Atlassian Jira Data Center — versions unspecified, 8.6.0, 8.14.0
Atlassian Jira Server — versions unspecified, 8.6.0, 8.14.0

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
UGF0aWVudF9aZXJv/Atlassian-Jira-pentesting
pen4uin/awesome-vulnerability-research
pen4uin/vulnerability-research
pen4uin/vulnerability-research-list
sushantdhopat/JIRA_

References

jira.atlassian.com/browse/JRASERVER-72014 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-29453?: CVE-2020-29453 is a vulnerability in Atlassian Jira Data Center. Published 2021-02-18.
Is CVE-2020-29453 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.