• Type: Public Security Vulnerability
• Resolution: Fixed
• Priority: Low (View bug fix roadmap)
• Fix Version/s: 8.13.19, 8.20.7, 8.22.1, 9.0.0
• Affects Version/s: 8.22.0, 8.13.18, 8.20.6
• Component/s: Security
• Labels:

  • advisory
  • advisory-released
  • dont-import
  • security
  • 🔢✅

[JRASERVER-74228] Template Injection in Email Templates leads to RCE on Jira Service Management Server

Mandeep Jadon made changes - 21/Feb/2023 3:40 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 733448 ]

Manisha Sangwan made changes - 04/Oct/2022 6:20 AM

Labels

Original: advisory advisory-to-release dont-import security 🔢✅

New: advisory advisory-released dont-import security 🔢✅

Manisha Sangwan made changes - 04/Oct/2022 6:19 AM

Resolution		New: Fixed [ 1 ]
Security	Original: Atlassian Staff [ 10750 ]
Status	Original: Draft [ 12872 ]	New: Published [ 12873 ]

Manisha Sangwan made changes - 28/Sep/2022 6:48 AM

Summary

Original: An Atlassian product has a security vulnerability.

New: Template Injection in Email Templates leads to RCE on Jira Service Management Server

Manisha Sangwan made changes - 28/Sep/2022 6:47 AM

Description

Original: Affected versions of Atlassian Jira Server allow remote attackers to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in {component}. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.7, from version 8.21.0 before 8.22.1, and from version 8.23.0 before 9.0.0. *Affected versions:*  * version < 8.13.19  * 8.14.0 ≤ version < 8.20.7  * 8.21.0 ≤ version < 8.22.1  * 8.23.0 ≤ version < 9.0.0 *Fixed versions:*  * 8.13.19  * 8.20.7  * 8.22.1  * 9.0.0

New: Affected versions of Atlassian Jira Service Management Server and Data Center allows JIRA Administrators to execute arbitrary system commands via a template injection in the endpoint /admin/EmailTemplatesSettings!default.jspa. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.7, from version 8.21.0 before 8.22.1, and from version 8.23.0 before 9.0.0. *Affected versions:*  * version < 8.13.19  * 8.14.0 ≤ version < 8.20.7  * 8.21.0 ≤ version < 8.22.1  * 8.23.0 ≤ version < 9.0.0 *Fixed versions:*  * 8.13.19  * 8.20.7  * 8.22.1  * 9.0.0

Security Metrics Bot made changes - 24/Aug/2022 1:46 PM

Labels

Original: advisory advisory-to-release dont-import security

New: advisory advisory-to-release dont-import security 🔢✅

Collapse comment: Security Metrics Bot added a comment - 24/Aug/2022 1:46 PM

Security Metrics Bot added a comment - 24/Aug/2022 1:46 PM

This is an independent assessment and you should evaluate its applicability to your own IT environment.

CVSS v3 score: 7.2 => High severity

Exploitability Metrics

Attack Vector	Network
Attack Complexity	Low
Privileges Required	High
User Interaction	None

Scope Metric

Scope	Unchanged

Impact Metrics

Confidentiality	High
Integrity	High
Availability	High

https://asecurityteam.bitbucket.io/cvss_v3/?#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Expand comment: Security Metrics Bot added a comment - 24/Aug/2022 1:46 PM

Security Metrics Bot added a comment - 24/Aug/2022 1:46 PM This is an independent assessment and you should evaluate its applicability to your own IT environment. CVSS v3 score: 7.2 => High severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required High User Interaction None Scope Metric Scope Unchanged Impact Metrics Confidentiality High Integrity High Availability High https://asecurityteam.bitbucket.io/cvss_v3/?#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Sen Geronimo made changes - 24/Aug/2022 9:34 AM

Component/s

New: Security [ 68109 ]

Security Metrics Bot made changes - 24/Aug/2022 9:34 AM

Labels

New: advisory advisory-to-release dont-import security

Security Metrics Bot created issue - 24/Aug/2022 9:34 AM