Loading...

XML

Word

Printable

Type: Public Security Vulnerability
Resolution: Fixed
Priority: Low
Fix Version/s: 8.21.0, 8.13.15, 8.20.3
Affects Version/s: 8.13.13, 8.20.1
Component/s: None
Labels:

CVSS Score:
8.7
CVSS Severity:
High
CVE ID:
CVE-2021-43944

This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented.

Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature.

The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.

Affected versions:

version < 8.13.15
8.14.0 ≤ version < 8.20.3

Fixed versions:

8.13.15
8.20.3
8.21.0

is related to

JRASERVER-73581 Jira Software Server Template RCE via Email Templates feature

Published

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(9 mentioned in)

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 30/Nov/2021 6:48 PM

Updated:: 26/Jul/2022 12:07 PM

Resolved:: 08/Mar/2022 1:59 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates