Automation for Jira / JIRAAUTOSERVER-185

Template injection vulnerability in Automation for Jira smart values - CVE-2020-14193


    Details

    • Symptom Severity:
      Severity 2 - Major

      Description

      Affected versions of Automation for Jira - Server allowed remote attackers to read files inside the WEB-INF/classes and <jira-installation>/jira/bin directories and render them as mustache templates, via a template injection vulnerability in Jira smart values using mustache partials.

      The affected versions are those before version 7.1.15.

      Affected versions:

      • version < 7.1.15

      Fixed versions:

      • 7.1.15 & later
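
An added example (not Atlassian's code and not part of this issue): a Python audit that compares an installed version with the fixed release 7.1.15 and lists every mustache partial tag (`{{> name}}`) found in an exported set of automation rules. The JSON layout, the rule names and `example_partial` are constructed for illustration; the real export schema is not assumed, so the walker inspects every string value.

```python
import json
import re

FIXED_VERSION = (7, 1, 15)  # first fixed release, per the advisory

# Mustache partial tag: "{{>" followed by a partial name, e.g. {{> header}}.
PARTIAL_TAG = re.compile(r"\{\{\s*>\s*([^}\s]+)\s*\}\}")


def is_affected(version: str) -> bool:
    """True when a dotted version string is lower than 7.1.15."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    parts += (0,) * (3 - len(parts))  # "7.1" is treated as 7.1.0
    return parts < FIXED_VERSION


def find_partials(node, path="$"):
    """Yield (json_path, partial_name) for each partial tag in any string."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from find_partials(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_partials(value, f"{path}[{index}]")
    elif isinstance(node, str):
        for match in PARTIAL_TAG.finditer(node):
            yield path, match.group(1)


def audit(export, version: str) -> dict:
    """Combine the version check with the partial-tag findings."""
    return {"affected": is_affected(version),
            "partials": list(find_partials(export))}


# Constructed sample input; field names are assumptions, not the real schema.
SAMPLE_EXPORT = json.loads("""
{"rules": [
  {"name": "Notify on create",
   "components": [{"type": "comment",
                   "value": "Created by {{issue.reporter.displayName}}"}]},
  {"name": "Weekly digest",
   "components": [{"type": "email",
                   "value": "Summary: {{> example_partial}} for {{issue.key}}"}]}
]}
""")

if __name__ == "__main__":
    report = audit(SAMPLE_EXPORT, "7.1.14")
    print("affected version:", report["affected"])
    for json_path, name in report["partials"]:
        print(f"partial tag {name!r} at {json_path}")
```

Ordinary smart values such as `{{issue.key}}` are not reported; only tags that use the partial sigil `>` are.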

            People

            Assignee:
            Unassigned
            Reporter:
            dblack David Black