Template Injection in Email Templates leads to RCE on Jira Service Management Server - CVE-2021-39128

2021-09-1501:19:48

security-metrics-bot

jira.atlassian.com

0.003 Low

EPSS

Percentile

68.8%

JSON

Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature.

The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1.

Affected versions:

version < 8.13.12
8.14.0 ≤ version < 8.19.1

Fixed versions:

8.13.12
8.19.1
8.20.0
8.21.0

CPENameOperatorVersion
jira server and data centerle8.19.0
jira server and data centerlt8.20.0
jira server and data centerle8.13.10
jira server and data centerlt8.19.1
jira server and data centerlt8.21.0
jira server and data centerlt8.13.12

Name	Operator	Version
jira server and data center	le	8.19.0
jira server and data center	lt	8.20.0
jira server and data center	le	8.13.10
jira server and data center	lt	8.19.1
jira server and data center	lt	8.21.0
jira server and data center	lt	8.13.12

0.003 Low

EPSS

Percentile

68.8%

JSON

Related for ATLASSIAN:JRASERVER-72804