Uploaded image for project: 'Jira Server and Data Center'
  1. Jira Server and Data Center
  2. JRASERVER-69933

Template injection in Jira importers plugin - CVE-2019-15001

    XMLWordPrintable

    Details

      Description

      Issue Summary

      There was a server-side template injection vulnerability in Jira Server and Data Center, in the Jira Importers Plugin (JIM). An attacker with "JIRA Administrators" access can exploit this issue. Successful exploitation of this issue allows an attacker to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center.

      Affected version:

      • Versions of Jira Server & Jira Data Center starting with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8 (the fixed version for 7.13.x), from 8.1.0 before 8.1.3 (the fixed version for 8.1.x), from 8.2.0 before 8.2.5 (the fixed version for 8.2.x), and from 8.3.0 before 8.3.4 (the fixed version for 8.3.x) , and from 8.4.0 before 8.4.1 (the fixed version for 8.4.x) are affected by this vulnerability.

      Fix

      We have released the following versions of Jira Server & Jira Data Center to address this issue:

      We have released the following versions of Jira Software Server to address this issue:

      For additional details, see the full advisory.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              aminozhenko Alexander Minozhenko
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: