CVE-2021-26075: 
JIRA vulnerability analysis and mitigation

The vulnerability (CVE-2021-26075) affects the Jira importers plugin AttachTemporaryFile REST resource in Jira Server and Data Center. The vulnerability was discovered and reported on January 25, 2021, and affects multiple versions including versions before 8.5.12, versions 8.6.0 to 8.13.4, and versions 8.14.0 to 8.15.1. This security flaw allows remote authenticated attackers to obtain the full path of the Jira application data directory through an information disclosure vulnerability (Atlassian Jira).

The vulnerability stems from an information disclosure flaw in the error message system when presented with an invalid filename in the Jira importers plugin. The vulnerability has been assigned a CVSS score of 4.3 (Medium severity), indicating a moderate level of risk (Atlassian Jira).

When successfully exploited, the vulnerability allows authenticated remote attackers to obtain sensitive information about the Jira application data directory's full path. This information could potentially be used as a stepping stone for further attacks or system compromise (Atlassian Jira).

Atlassian has released fixed versions to address this vulnerability. Users should upgrade to version 8.5.12 (for 8.5.x branch), version 8.13.4 (for 8.6.0-8.13.x branch), or version 8.15.1 (for 8.14.0-8.15.x branch) to mitigate this security issue (Atlassian Jira).