Loading...

XML

Word

Printable

Details

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 8.19.1, 8.13.12, 8.20.0, 8.21.0
Affects Version/s: 8.13.10, 8.19.0
Component/s: None
Labels:

CVSS Score:
7.2
CVSS Severity:
High
CVE ID:
CVE-2021-39128

Description

Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature.

The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1.

*Affected versions:*

version < 8.13.12
8.14.0 ≤ version < 8.19.1

*Fixed versions:*

8.13.12
8.19.1
8.20.0
8.21.0

Attachments

Issue Links

mentioned in: Page Loading...; Page Loading...; Page Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 15/Sep/2021 1:19 AM

Updated:: 21/Feb/2023 3:40 PM

Resolved:: 25/Oct/2021 1:49 AM