CVE-2021-39109: Path traversal in atlasboard

September 2, 2021 (updated October 14, 2024)

The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability.

References

bitbucket.org/atlassian/atlasboard/commits/9c03df09f09399e2601010466e8ba3a28236eb9c
bitbucket.org/atlassian/atlasboard/pull-requests/91/buildeng-19379-apply-only-the-path
bitbucket.org/atlassian/atlasboard/src/master
github.com/advisories/GHSA-25pr-6pr6-68v7
nvd.nist.gov/vuln/detail/CVE-2021-39109

Code Behaviors & Features

Detect and mitigate CVE-2021-39109 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →