Lucene search
AminozhenkoATLASSIAN:JRASERVER-69933HistorySep 09, 2019 - 1:22 a.m.
Template injection in Jira importers plugin - CVE-2019-15001
2019-09-0901:22:16
aminozhenko
jira.atlassian.com
59
EPSS
0.016
Percentile
87.6%
h3. Issue Summary
There was a server-side template injection vulnerability in Jira Server and Data Center, in the Jira Importers Plugin (JIM). An attacker with “JIRA Administrators” access can exploit this issue. Successful exploitation of this issue allows an attacker to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center.
Affected version:
- Versions of Jira Server & Jira Data Center starting with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8 (the fixed version for 7.13.x), from 8.0.0 before 8.1.3 (the fixed version for 8.1.x), from 8.2.0 before 8.2.5 (the fixed version for 8.2.x), and from 8.3.0 before 8.3.4 (the fixed version for 8.3.x) , and from 8.4.0 before 8.4.1 (the fixed version for 8.4.x) are affected by this vulnerability.
h3. Fix
We have released the following versions of Jira Server & Jira Data Center to address this issue:
- 8.4.1 which is available for download from https://www.atlassian.com/software/jira/download
- 8.3.4 which is available for download from https://www.atlassian.com/software/jira/update
- 8.2.5 which is available for download from https://www.atlassian.com/software/jira/update
- 8.1.3 which is available for download from https://www.atlassian.com/software/jira/update
- 7.13.8 which is available for download from https://www.atlassian.com/software/jira/update
- 7.6.16 which is available for download from https://www.atlassian.com/software/jira/update
We have released the following versions of Jira Software Server to address this issue:
- 8.4.1 which is available for download from https://www.atlassian.com/software/jira/download
- 8.3.4 which is available for download from https://www.atlassian.com/software/jira/update
- 8.2.5 which is available for download from https://www.atlassian.com/software/jira/update
- 8.1.3 which is available for download from https://www.atlassian.com/software/jira/update
- 7.13.8 which is available for download from https://www.atlassian.com/software/jira/update
- 7.6.16 which is available for download from https://www.atlassian.com/software/jira/update
For additional details, see the [full advisory|https://confluence.atlassian.com/jira/jira-security-advisory-2019-09-18-976766250.html].
Related
nessus
nessus
nvd
nvd
CVE-2019-15001
2019-09-19 15:15:15
prion
prion
Design/Logic Flaw
2019-09-19 15:15:00
cvelist
cvelist
CVE-2019-15001
2019-09-19 14:28:36
atlassian
atlassian
Template injection in Jira importers plugin - CVE-2019-15001
2019-09-09 01:22:16
cve
cve
CVE-2019-15001
2019-09-19 15:15:15