  1. Jira Service Management Server and Data Center
  2. JSDSERVER-8665

Template Injection in Email Templates leads to code execution on Jira Service Management Server - CVE-2021-39115

Details

    • 7.2
    • High
    • CVE-2021-39115

    Description

      Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server-Side Template Injection vulnerability in the Email Template feature.

      The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0.

       

      Affected versions:

      • version < 4.13.9
      • 4.14.0 ≤ version < 4.18.0

      Fixed versions:

      • 4.13.9
      • 4.18.0  
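
      The version ranges above, turned into an inventory check. This is an added example, not Atlassian code: the host names and versions in the sample inventory are constructed, and it assumes plain numeric version strings such as "4.13.10". Versions are compared as integer tuples so that 4.13.10 is not mistaken for a release older than 4.13.9.

```python
import re

# Boundaries taken from the advisory text:
#   affected if version < 4.13.9, or 4.14.0 <= version < 4.18.0
FIXED_4_13 = (4, 13, 9)
RANGE_START = (4, 14, 0)
FIXED_4_18 = (4, 18, 0)


def parse_version(text):
    """Parse 'major.minor[.patch]' into a tuple of ints; a missing patch is 0."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) if part else 0 for part in m.groups())


def is_affected(version_text):
    """True if the version falls in one of the advisory's affected ranges."""
    v = parse_version(version_text)
    return v < FIXED_4_13 or RANGE_START <= v < FIXED_4_18


def audit(inventory):
    """Map each host to 'AFFECTED', 'fixed', or 'unknown' (unparseable version)."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = "AFFECTED" if is_affected(version) else "fixed"
        except ValueError:
            # Do not guess: an unparseable version needs a manual look.
            report[host] = "unknown"
    return report


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "jsm-prod.example.internal": "4.13.10",   # past the 4.13.9 fix
    "jsm-stage.example.internal": "4.17.1",   # inside 4.14.0 .. 4.18.0
    "jsm-legacy.example.internal": "4.5.12",  # older than 4.13.9
    "jsm-dr.example.internal": "unknown-build",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```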

       
