CVE-2021-39115

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0.

CVSS v3 7.2 HIGH
CVSS v2.0 9.0 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://jira.atlassian.com/browse/JSDSERVER-8665	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:atlassian:jira_service_desk:::::data_center:::*
	cpe:2.3:a:atlassian:jira_service_desk:::::server:::*
	cpe:2.3:a:atlassian:jira_service_management:::::data_center:::*
	cpe:2.3:a:atlassian:jira_service_management:::::server:::*

History

No history.

Information

Published : 2021-09-01 23:15

Updated : 2024-10-11 21:35

NVD link : CVE-2021-39115

Mitre link : CVE-2021-39115

CVE.ORG link : CVE-2021-39115

JSON object : View

Products Affected

atlassian

jira_service_management
jira_service_desk

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE-96

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

{"id": "CVE-2021-39115", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2021-09-01T23:15:07.430", "references": [{"url": "https://jira.atlassian.com/browse/JSDSERVER-8665", "tags": ["Third Party Advisory"], "source": "security@atlassian.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}, {"type": "Secondary", "source": "security@atlassian.com", "description": [{"lang": "en", "value": "CWE-96"}]}], "descriptions": [{"lang": "en", "value": "Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with \"Jira Administrators\" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0."}, {"lang": "es", "value": "Las versiones afectadas de Atlassian Jira Service Management Server y Data Center permiten a atacantes remotos con acceso \"Jira Administrators\" ejecutar c\u00f3digo Java arbitrario o ejecutar comandos del sistema arbitrarios por medio de una vulnerabilidad de Server_Side Template Injection en la funcionalidad Email Template. Las versiones afectadas son anteriores a versi\u00f3n 4.13.9, y desde versi\u00f3n 4.14.0 hasta 4.18.0"}], "lastModified": "2024-10-11T21:35:33.387", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:data_center:*:*:*", "vulnerable": true, "matchCriteriaId": "F2574509-6871-4E05-9973-B8F7BB3130E8", "versionEndExcluding": "4.13.9"}, {"criteria": "cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:server:*:*:*", "vulnerable": true, "matchCriteriaId": "8A3B81E7-9F71-42C7-918D-A2C72956D52F", "versionEndExcluding": "4.13.9"}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*", "vulnerable": true, "matchCriteriaId": "78E11B7D-592B-49B9-B118-EC509C72692C", "versionEndExcluding": "4.18.0", "versionStartIncluding": "4.14.0"}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*", "vulnerable": true, "matchCriteriaId": "FD134963-726B-47D9-BEF8-34AEB42CD659", "versionEndExcluding": "4.18.0", "versionStartIncluding": "4.14.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@atlassian.com"}