CVE-2019-15001

Summary

The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request.

Affected Software

VendorProductVersion RangeStatus
AtlassianJira Server7.0.10 < unspecifiedaffected
AtlassianJira Serverunspecified < 7.6.16affected
AtlassianJira Server7.7.0 < unspecifiedaffected
AtlassianJira Serverunspecified < 7.13.8affected
AtlassianJira Server8.0.0 < unspecifiedaffected
AtlassianJira Serverunspecified < 8.1.3affected
AtlassianJira Server8.2.0 < unspecifiedaffected
AtlassianJira Serverunspecified < 8.2.5affected
AtlassianJira Server8.3.0 < unspecifiedaffected
AtlassianJira Serverunspecified < 8.3.4affected
AtlassianJira Server8.4.0 < unspecifiedaffected
AtlassianJira Serverunspecified < 8.4.1affected
AtlassianJira Data Center7.0.10 < unspecifiedaffected
AtlassianJira Data Centerunspecified < 7.6.16affected
AtlassianJira Data Center7.7.0 < unspecifiedaffected
AtlassianJira Data Centerunspecified < 7.13.8affected
AtlassianJira Data Center8.0.0 < unspecifiedaffected
AtlassianJira Data Centerunspecified < 8.1.3affected
AtlassianJira Data Center8.2.0 < unspecifiedaffected
AtlassianJira Data Centerunspecified < 8.2.5affected
AtlassianJira Data Center8.3.0 < unspecifiedaffected
AtlassianJira Data Centerunspecified < 8.3.4affected
AtlassianJira Data Center8.4.0 < unspecifiedaffected
AtlassianJira Data Centerunspecified < 8.4.1affected

Weaknesses

  • Template injection

ADP Enrichment

CVE Program Container

Additional References

References