CVE-2021-39109

7.5 HIGH

The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path ...

Published: 2021-09-01 · Last updated: 2026-06-17

Severity and scoring

CVSS: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-22

Affected products

Vendor	Product
atlassian	atlasboard

Description

The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability.

Source: NVD

References

Related CVEs

Same vendor

CVE-2021-41312 — Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Man... (7.5 HIGH)
CVE-2021-41310 — Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a ... (6.1 MEDIUM)
CVE-2021-41313 — Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configu... (4.3 MEDIUM)
CVE-2021-41308 — Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Re... (6.5 MEDIUM)
CVE-2021-41307 — Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects a... (7.5 HIGH)

Same CWE

CVE-2026-48777 — FileBrowser Quantum is a free, self-hosted, web-based file manager
CVE-2026-8442 — The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8 (8.1 HIGH)
CVE-2026-49766 — Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions (9.9 CRITICAL)
CVE-2026-49061 — Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions (7.5 HIGH)
CVE-2026-40779 — Contributor Arbitrary File Deletion in Link Library <= 7.8.8 versions (7.7 HIGH)