CVE-2019-15001

Name of the Vulnerable Software and Affected Versions Atlassian Jira Server and Data Center versions 7.0.10 through 7.6.16 Atlassian Jira Server and Data Center versions 7.7.0 through 7.13.8 Atlassian Jira Server and Data Center versions 8.0.0 through 8.1.3 Atlassian Jira Server and Data Center versions 8.2.0 through 8.2.5 Atlassian Jira Server and Data Center versions 8.3.0 through 8.3.4 Atlassian Jira Server and Data Center versions 8.4.0 through 8.4.1

Description The issue allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request.

Recommendations For versions 7.0.10 through 7.6.16, update to a version after 7.6.16. For versions 7.7.0 through 7.13.8, update to a version after 7.13.8. For versions 8.0.0 through 8.1.3, update to a version after 8.1.3. For versions 8.2.0 through 8.2.5, update to a version after 8.2.5. For versions 8.3.0 through 8.3.4, update to a version after 8.3.4. For versions 8.4.0 through 8.4.1, update to a version after 8.4.1.