The host is installed with Atlassian Jira Server before 7.13.4, 8.0.0 before 8.0.4 or 8.1.0 before 8.1.1 and is prone to an information disclosure vulnerability. A flaw is present in the application which fails to properly handle issues in CachingResourceDownloadRewriteRule class. Successful exploitation could allow remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.