The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request.
References
| Link | Resource |
|---|---|
| http://packetstormsecurity.com/files/154611/Jira-Server-Data-Center-Template-Injection.html | Third Party Advisory VDB Entry |
| https://jira.atlassian.com/browse/JRASERVER-69933 | Release Notes Vendor Advisory |
| https://seclists.org/bugtraq/2019/Sep/42 | Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
22 Apr 2022, 19:53
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) http://packetstormsecurity.com/files/154611/Jira-Server-Data-Center-Template-Injection.html - Third Party Advisory, VDB Entry | |
| References | (BUGTRAQ) https://seclists.org/bugtraq/2019/Sep/42 - Mailing List, Third Party Advisory | |
| CPE | cpe:2.3:a:atlassian:jira_data_center:8.4.0:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:* |
25 Mar 2022, 17:22
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:* cpe:2.3:a:atlassian:jira_server:8.4.0:*:*:*:*:*:*:* |
Information
Published : 2019-09-19 15:15
Updated : 2024-02-04 20:20
NVD link : CVE-2019-15001
Mitre link : CVE-2019-15001
CVE.ORG link : CVE-2019-15001
JSON object : View
Products Affected
atlassian
- jira_server
- jira_data_center
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')