The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/154611/Jira-Server-Data-Center-Template-Injection.html | Third Party Advisory VDB Entry |
https://jira.atlassian.com/browse/JRASERVER-69933 | Release Notes Vendor Advisory |
https://seclists.org/bugtraq/2019/Sep/42 | Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2019-09-19 15:15
Updated : 2024-02-28 17:08
NVD link : CVE-2019-15001
Mitre link : CVE-2019-15001
CVE.ORG link : CVE-2019-15001
JSON object : View
Products Affected
atlassian
- jira_data_center
- jira_server
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')