PT-2019-13927 · Atlassian · Jira
Alexmin
·
Published
2019-09-19
·
Updated
2022-04-22
·
CVE-2019-15001
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Atlassian Jira Server and Data Center versions 7.0.10 through 7.6.16
Atlassian Jira Server and Data Center versions 7.7.0 through 7.13.8
Atlassian Jira Server and Data Center versions 8.0.0 through 8.1.3
Atlassian Jira Server and Data Center versions 8.2.0 through 8.2.5
Atlassian Jira Server and Data Center versions 8.3.0 through 8.3.4
Atlassian Jira Server and Data Center versions 8.4.0 through 8.4.1
Description
The issue allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request.
Recommendations
For versions 7.0.10 through 7.6.16, update to a version after 7.6.16.
For versions 7.7.0 through 7.13.8, update to a version after 7.13.8.
For versions 8.0.0 through 8.1.3, update to a version after 8.1.3.
For versions 8.2.0 through 8.2.5, update to a version after 8.2.5.
For versions 8.3.0 through 8.3.4, update to a version after 8.3.4.
For versions 8.4.0 through 8.4.1, update to a version after 8.4.1.
Fix
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jira