CVE-2021-39128

Summary

Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1.

Affected Software

VendorProductVersion RangeStatus
AtlassianJira Serverunspecified < 8.13.12affected
AtlassianJira Server8.14.0 < unspecifiedaffected
AtlassianJira Serverunspecified < 8.19.1affected
AtlassianJira Data Centerunspecified < 8.13.12affected
AtlassianJira Data Center8.14.0 < unspecifiedaffected
AtlassianJira Data Centerunspecified < 8.19.1affected

Weaknesses

  • CWE-1336: CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References