CVE-2019-10100

Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack Confluence plugin versions prior to 1.8.1.3

Description: The issue allows for Server Side Template Injection. An attacker can add an Issue macro to a page in Confluence and use a combination of a valid id field and specially crafted code in the link-text-template field to execute code remotely.

Recommendations: For versions prior to 1.8.1.3, update to version 1.8.1.3 or later to resolve the issue. As a temporary workaround, consider restricting the ability to add Issue macros to Confluence pages or limiting the use of the link-text-template field until the update is applied.