CVE-2021-39128

Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1.
References
Link Resource
https://jira.atlassian.com/browse/JRASERVER-72804 Issue Tracking Vendor Advisory
https://jira.atlassian.com/browse/JRASERVER-72804 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:18

Type Values Removed Values Added
References () https://jira.atlassian.com/browse/JRASERVER-72804 - Issue Tracking, Vendor Advisory () https://jira.atlassian.com/browse/JRASERVER-72804 - Issue Tracking, Vendor Advisory

01 Aug 2022, 16:13

Type Values Removed Values Added
CPE cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*

21 Jul 2022, 11:44

Type Values Removed Values Added
CWE CWE-74 CWE-94
References (MISC) https://jira.atlassian.com/browse/JRASERVER-72804 - Permissions Required (MISC) https://jira.atlassian.com/browse/JRASERVER-72804 - Issue Tracking, Vendor Advisory

25 Mar 2022, 18:14

Type Values Removed Values Added
CPE cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

27 Sep 2021, 17:02

Type Values Removed Values Added
CPE cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
CWE CWE-74
References (MISC) https://jira.atlassian.com/browse/JRASERVER-72804 - (MISC) https://jira.atlassian.com/browse/JRASERVER-72804 - Permissions Required
CVSS v2 : unknown
v3 : unknown
v2 : 6.5
v3 : 7.2

16 Sep 2021, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-09-16 06:15

Updated : 2024-11-21 06:18


NVD link : CVE-2021-39128

Mitre link : CVE-2021-39128

CVE.ORG link : CVE-2021-39128


JSON object : View

Products Affected

atlassian

  • jira_server
  • jira_data_center
CWE
CWE-1336 CWE-94

Improper Control of Generation of Code ('Code Injection')