Lucene search

[email protected]NVD:CVE-2021-26068

HistoryFeb 22, 2021 - 9:15 p.m.

CVE-2021-26068

2021-02-2221:15:19

CWE-74

[email protected]

web.nvd.nist.gov

atlassian jira server

slack plugin

code execution

cve-2021-26068

template injection

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

64.8%

JSON

An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability.

Affected configurations

Nvd

Node

atlassianjira_server_for_slackRange0.0.3–2.0.15

VendorProductVersionCPE
atlassianjira_server_for_slack*cpe:2.3:a:atlassian:jira_server_for_slack:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
atlassian	jira_server_for_slack	*	cpe:2.3:a:atlassian:jira_server_for_slack::::::::

References

confluence.atlassian.com/jira/jira-server-for-slack-security-advisory-17th-february-2021-1044091690.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

64.8%

JSON

Related for NVD:CVE-2021-26068

cve1 prion1 cvelist1