Jira Service Management Server and Data Center / JSDSERVER-8665

Template Injection in Email Templates leads to code execution on Jira Service Management Server - CVE-2021-39115

    Details

    • CVSS Score:
      7.2
    • CVSS Severity:
      High
    • CVE ID:
      CVE-2021-39115

      Description

      Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server-Side Template Injection vulnerability in the Email Template feature.

      The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0.

      Affected versions:

      • version < 4.13.9
      • 4.14.0 ≤ version < 4.18.0

      Fixed versions:

      • 4.13.9
      • 4.18.0  

            People

            Assignee: Unassigned
            Reporter: Security Metrics Bot (security-metrics-bot)