• Type: Public Security Vulnerability
• Resolution: Fixed
• Priority: Low
• Fix Version/s: 4.18.0, 4.13.9
• Affects Version/s: 4.17.1, 4.13.8, 4.5.18
• Component/s: None
• Labels:

  • CVE-2021-39115
  • advisory
  • advisory-to-release
  • dont-import
  • security

[JSDSERVER-8665] Template Injection in Email Templates leads to code execution on Jira Service Management Server - CVE-2021-39115

Collapse comment: lance_lyons added a comment - 14/Feb/2022 9:27 PM

lance_lyons added a comment - 14/Feb/2022 9:27 PM

Why cant you guys make a secure product.  These security vulnerabilities are causing us to have to upgrade Jira every month.

 

Expand comment: lance_lyons added a comment - 14/Feb/2022 9:27 PM

lance_lyons added a comment - 14/Feb/2022 9:27 PM Why cant you guys make a secure product.  These security vulnerabilities are causing us to have to upgrade Jira every month.  

Security Metrics Bot made changes - 16/Sep/2021 5:27 AM

CVE ID

New: CVE-2021-39115

AB made changes - 01/Sep/2021 10:58 PM

Security

Original: Atlassian Staff [ 10750 ]

AB made changes - 01/Sep/2021 10:58 PM

Resolution		New: Fixed [ 1 ]
Status	Original: Draft [ 12872 ]	New: Published [ 12873 ]

AB made changes - 01/Sep/2021 10:58 PM

Labels

Original: advisory advisory-to-release dont-import security

New: CVE-2021-39115 advisory advisory-to-release dont-import security

AB made changes - 01/Sep/2021 10:58 PM

Summary

Original: Template Injection in Email Templates leads to code execution on Jira Service Management Server - CVE-in progress

New: Template Injection in Email Templates leads to code execution on Jira Service Management Server - CVE-2021-39115

AB made changes - 30/Aug/2021 5:19 AM

Summary

Original: Template Injection in Email Templates leads to code execution on Jira Service Management Server - CVE-PENDING

New: Template Injection in Email Templates leads to code execution on Jira Service Management Server - CVE-in progress

AB made changes - 30/Aug/2021 5:08 AM

Summary

Original: Template Injection in Email Templates leads to code execution on Jira Service Management Server - CVE-TODO

New: Template Injection in Email Templates leads to code execution on Jira Service Management Server - CVE-PENDING

AB made changes - 26/Aug/2021 12:51 AM

Summary

Original: Template Injection in Email Templates leads to code execution on Jira Service Management Server

New: Template Injection in Email Templates leads to code execution on Jira Service Management Server - CVE-TODO

AB made changes - 26/Aug/2021 12:50 AM

Description

Original: Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature.

New: Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0.   *Affected versions:*  * version < 4.13.9  * 4.14.0 ≤ version < 4.18.0 *Fixed versions:*  * 4.13.9  * 4.18.0

Load more older events