9.8

CVE-2019-11581

Warnung
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AtlassianJira Server Version >= 4.4 < 7.6.14
AtlassianJira Server Version >= 7.7.0 < 7.13.5
AtlassianJira Server Version >= 8.0.0 < 8.0.3
AtlassianJira Server Version >= 8.1.0 < 8.1.2
AtlassianJira Server Version >= 8.2.0 < 8.2.3

07.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability

Schwachstelle

Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 94.36% 1
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.