CVE-2019-11581

Name of the Vulnerable Software and Affected Versions Atlassian Jira Server and Data Center versions 4.4.0 through 7.6.13 Atlassian Jira Server and Data Center versions 7.7.0 through 7.13.4 Atlassian Jira Server and Data Center versions 8.0.0 through 8.0.2 Atlassian Jira Server and Data Center versions 8.1.0 through 8.1.1 Atlassian Jira Server and Data Center versions 8.2.0 through 8.2.2

Description The issue is related to incorrect code generation management in the Jira error tracking system. Exploitation of this issue may allow a remote attacker to execute arbitrary code. The vulnerability is a server-side template injection vulnerability in Jira Server and Data Center, specifically in the ContactAdministrators and SendBulkMail actions, allowing an attacker to remotely execute code on systems running a vulnerable version of Jira Server or Data Center.

Recommendations For versions 4.4.0 through 7.6.13, update to version 7.6.14 or later. For versions 7.7.0 through 7.13.4, update to version 7.13.5 or later. For versions 8.0.0 through 8.0.2, update to version 8.0.3 or later. For versions 8.1.0 through 8.1.1, update to version 8.1.2 or later. For versions 8.2.0 through 8.2.2, update to version 8.2.3 or later.