Path Traversal CVE-2021-26086 CVE-2021-26085
Medium
MariaDB
Reported by
kljunowsky
Vulnerability Details
Technical details and impact analysis
These vulnerabilities were found with https://trickest.com https://trickest.io
CVE-2021-26085:
=====================
>https://jira.mariadb.org:/s/123cfx/_/;/WEB-INF/web.xml
CVE-2021-26086:
=====================
>https://jira.mariadb.org/s/cfx/_/;/WEB-INF/web.xml
Video explanation:
---------------------
### Node EOF-RAW-blocked:
- Converts the Jira hosts found from various bug bounty programs to a file
### Node SED-ADD-AT-BEGINNING:
- Prepends https:// to every line
### Node PASTE-JIRA-PATHS
- Converts Jira paths to a file
### Node MEG(tool)
- Requesting URLs and paths from the file
### Node IS-IT-JIRA?
- Checking if the requested URL is Jira
### Node TAKE-JIRA-URLs
- Parsing previous nodes to get raw URLs
### Node CVE-2021-26086
- Converts payloads to a file
### Node CVE-2021-26085
- Converts payloads to a file
### Node RECURSIVELY-CAT-ALL
- Merges the payload files into one
### Node MEG (2)
- Requesting URLs and paths from the file
### Node VALIDATE CVE-2021-26086
- Validates CVEs by searching for "<web-app </web-app>" in meg responses
## Impact
CVE-2021-26086 allows remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint.
CVE-2021-26085 allows remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint.
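For defenders, the request shape shown in the report (`/s/<anything>/_/;/WEB-INF/...`) can be searched for in reverse-proxy or application access logs. The following is an added example, not part of the original report: the log lines are constructed, the combined log format is an assumption, and a 200 status is only a heuristic for a served file because access logs do not contain the response body.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format); IPs are documentation addresses.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2022:10:00:00 +0000] "GET /s/cfx/_/;/WEB-INF/web.xml HTTP/1.1" 200 4312
192.0.2.11 - - [01/Jan/2022:10:00:05 +0000] "GET /s/123cfx/_/%3B/WEB-INF/web.xml HTTP/1.1" 404 512
192.0.2.12 - - [01/Jan/2022:10:00:09 +0000] "GET /s/d41d8c/_/download/batch/jira.webresources/x.js HTTP/1.1" 200 901
192.0.2.13 - - [01/Jan/2022:10:00:12 +0000] "GET /secure/Dashboard.jspa HTTP/1.1" 200 20111
"""

# client, method, request target, status, response size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')
# /s/<anything>/_/ followed by a ';' path-parameter segment and a WEB-INF path
TRAVERSAL_RE = re.compile(r'^/s/[^/]+/_/;[^/]*/WEB-INF/', re.IGNORECASE)


def normalize(target):
    """Drop the query string and percent-decode twice so %3B and %253B read as ';'."""
    path = target.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    return path


def scan(log_text):
    """Return (client, raw_target, status, verdict) for each matching request."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        client, _method, target, status, _size = m.groups()
        if TRAVERSAL_RE.match(normalize(target)):
            # Heuristic: 200 suggests the file was served; confirm against the response body.
            verdict = "file-likely-served" if status == "200" else "attempt"
            findings.append((client, target, int(status), verdict))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A `file-likely-served` hit on a host running one of the affected versions listed under Related CVEs warrants checking the response for `web.xml` content and upgrading to a fixed release.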
Related CVEs
Associated Common Vulnerabilities and Exposures
CVE-2021-26086
UNKNOWN
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1.
CVE-2021-26085
UNKNOWN
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.
Report Details
Additional information and metadata
State
Closed
Substate
Duplicate
Weakness
Path Traversal