13 matches found
CVE-2021-39128
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira...
CVE-2021-39115
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a ServerSide Template Injection vulnerability in the Email Template feature. The affected...
Atlassian Jira 8.3.x < 8.3.4 Template Injection Vulnerability
According to its self-reported version number, the Atlassian Jira application running on the remote host is 7.0.10 7.6.16, 7.7.x 7.13.8, 8.1.x 8.1.3, 8.2.x 8.2.5, 8.3.x 8.3.4, 8.4.x 8.4.1. It is, therefore, affected by a server-side template injection vulnerability that exists in the Jira Importe...
Atlassian Jira 7.0.10 < 7.6.16 Template Injection Vulnerability
According to its self-reported version number, the Atlassian Jira application running on the remote host is 7.0.10 7.6.16, 7.7.x 7.13.8, 8.1.x 8.1.3, 8.2.x 8.2.5, 8.3.x 8.3.4, 8.4.x 8.4.1. It is, therefore, affected by a server-side template injection vulnerability that exists in the Jira Importe...
Atlassian Jira 7.7.x < 7.13.8 Template Injection Vulnerability
According to its self-reported version number, the Atlassian Jira application running on the remote host is 7.0.10 7.6.16, 7.7.x 7.13.8, 8.1.x 8.1.3, 8.2.x 8.2.5, 8.3.x 8.3.4, 8.4.x 8.4.1. It is, therefore, affected by a server-side template injection vulnerability that exists in the Jira Importe...
Atlassian Jira 8.4.x < 8.4.1 Template Injection Vulnerability
According to its self-reported version number, the Atlassian Jira application running on the remote host is 7.0.10 7.6.16, 7.7.x 7.13.8, 8.1.x 8.1.3, 8.2.x 8.2.5, 8.3.x 8.3.4, 8.4.x 8.4.1. It is, therefore, affected by a server-side template injection vulnerability that exists in the Jira Importe...
CVE-2019-11581 - Template injection in various resources
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. For this issue to be exploitable at least one of the following conditions must be met: an SMTP server has been configured in Jira and the Contact...
CVE-2019-11581 - Template injection in various resources
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. For this issue to be exploitable at least one of the following conditions must be met: an SMTP server has been configured in Jira and the Contact...
Request for Marketplace add-on email notifications can be sent to inactive accounts
h4. Summary Users can navigate to the Atlassian Marketplace within Jira and request add-ons to be installed. This will send all groups defined under the Jira Administrators global permission an email notification indicating a particular user has requested a particular add-on. We have observed the...
Removing user from LDAP doesn't clear LDAP group membership
Reproduction steps: 1. Setup generic LDAP user repository RW, with jira-users, jira-developers, jira-administrators groups. 2. Create user for John Smith as [email protected]. 3. Add him to jira-administrators group. 4. Remove user [email protected] John changed the company. 5. Create user for Jake Sunny as...
Removing user from LDAP doesn't clear LDAP group membership
Reproduction steps: 1. Setup generic LDAP user repository RW, with jira-users, jira-developers, jira-administrators groups. 2. Create user for John Smith as [email protected]. 3. Add him to jira-administrators group. 4. Remove user [email protected] John changed the company. 5. Create user for Jake Sunny as...
Agile board "Add Status" button is not available unless you are member of jira-administrators
As a project administrator or board owner I need to be able to be able to add/remove Statused by using the "Add Status" button from the board Configuration window. Currently this button does appear only for jira-administrators...
Agile board "Add Status" button is not available unless you are member of jira-administrators
As a project administrator or board owner I need to be able to be able to add/remove Statused by using the "Add Status" button from the board Configuration window. Currently this button does appear only for jira-administrators...