• Type: Public Security Vulnerability
• Resolution: Fixed
• Priority: Low (View bug fix roadmap)
• Fix Version/s: 8.13.19, 8.20.7, 8.22.1, 9.0.0
• Affects Version/s: 8.22.0, 8.13.18, 8.20.6
• Component/s: Security
• Labels:

  • advisory
  • advisory-released
  • dont-import
  • security
  • 🔢✅

[JRASERVER-74228] Template Injection in Email Templates leads to RCE on Jira Service Management Server

Collapse comment: Security Metrics Bot added a comment - 24/Aug/2022 1:46 PM

Security Metrics Bot added a comment - 24/Aug/2022 1:46 PM

This is an independent assessment and you should evaluate its applicability to your own IT environment.

CVSS v3 score: 7.2 => High severity

Exploitability Metrics

Attack Vector	Network
Attack Complexity	Low
Privileges Required	High
User Interaction	None

Scope Metric

Scope	Unchanged

Impact Metrics

Confidentiality	High
Integrity	High
Availability	High

https://asecurityteam.bitbucket.io/cvss_v3/?#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Expand comment: Security Metrics Bot added a comment - 24/Aug/2022 1:46 PM

Security Metrics Bot added a comment - 24/Aug/2022 1:46 PM This is an independent assessment and you should evaluate its applicability to your own IT environment. CVSS v3 score: 7.2 => High severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required High User Interaction None Scope Metric Scope Unchanged Impact Metrics Confidentiality High Integrity High Availability High https://asecurityteam.bitbucket.io/cvss_v3/?#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H