  1. Jira Server and Data Center
  2. JRASERVER-70944

Make use of Secure Introspector in Velocity Templates - CVE-2019-20409

    Details

      Description

      This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented.

      The way in which Velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server-side template injection vulnerability.

      Affected versions:

      • version < 8.8.0

      Fixed versions:

      • 8.8.0

              People

              Assignee:
              Unassigned
              Reporter:
              security-metrics-bot Security Metrics Bot