CVE-2019-15001
N/A
N/A
Summary
The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Atlassian | Jira Server | 7.0.10 < unspecified | affected |
| Atlassian | Jira Server | unspecified < 7.6.16 | affected |
| Atlassian | Jira Server | 7.7.0 < unspecified | affected |
| Atlassian | Jira Server | unspecified < 7.13.8 | affected |
| Atlassian | Jira Server | 8.0.0 < unspecified | affected |
| Atlassian | Jira Server | unspecified < 8.1.3 | affected |
| Atlassian | Jira Server | 8.2.0 < unspecified | affected |
| Atlassian | Jira Server | unspecified < 8.2.5 | affected |
| Atlassian | Jira Server | 8.3.0 < unspecified | affected |
| Atlassian | Jira Server | unspecified < 8.3.4 | affected |
| Atlassian | Jira Server | 8.4.0 < unspecified | affected |
| Atlassian | Jira Server | unspecified < 8.4.1 | affected |
| Atlassian | Jira Data Center | 7.0.10 < unspecified | affected |
| Atlassian | Jira Data Center | unspecified < 7.6.16 | affected |
| Atlassian | Jira Data Center | 7.7.0 < unspecified | affected |
| Atlassian | Jira Data Center | unspecified < 7.13.8 | affected |
| Atlassian | Jira Data Center | 8.0.0 < unspecified | affected |
| Atlassian | Jira Data Center | unspecified < 8.1.3 | affected |
| Atlassian | Jira Data Center | 8.2.0 < unspecified | affected |
| Atlassian | Jira Data Center | unspecified < 8.2.5 | affected |
| Atlassian | Jira Data Center | 8.3.0 < unspecified | affected |
| Atlassian | Jira Data Center | unspecified < 8.3.4 | affected |
| Atlassian | Jira Data Center | 8.4.0 < unspecified | affected |
| Atlassian | Jira Data Center | unspecified < 8.4.1 | affected |
Weaknesses
- Template injection
ADP Enrichment
CVE Program Container
Additional References
- https://seclists.org/bugtraq/2019/Sep/42
- https://jira.atlassian.com/browse/JRASERVER-69933
- http://packetstormsecurity.com/files/154611/Jira-Server-Data-Center-Template-Injection.html
References
- https://seclists.org/bugtraq/2019/Sep/42
- https://jira.atlassian.com/browse/JRASERVER-69933
- http://packetstormsecurity.com/files/154611/Jira-Server-Data-Center-Template-Injection.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.