  1. Automation for Jira Server
  2. JIRAAUTOSERVER-185

Template injection vulnerability in Automation for Jira smart values - CVE-2020-14193


Details

    • Severity 2 - Major

    Description

      Affected versions of Automation for Jira - Server allowed remote attackers to read files inside the WEB-INF/classes and <jira-installation>/jira/bin directories and render them as mustache templates, via a template injection vulnerability in Jira smart values using mustache partials.

      The affected versions are those before version 7.1.15.

      Affected versions:

      • version < 7.1.15

      Fixed versions:

      • 7.1.15 & later

          People

            Unassigned Unassigned
            dblack David Black