There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAtlassian Jira Server
APPAtlassian4.4 – 7.6.14 (bez)7.7.0 – 7.13.5 (bez)8.0.0 – 8.0.3 (bez)8.1.0 – 8.1.2 (bez)8.2.0 – 8.2.3 (bez)
CISA KEV — szczegółyi
- Dostawcai
- Atlassian ↗
- Produkti
- Jira Server and Data Center
- Data dodania do KEVi
- 7 marca 2022
- Termin remediation (USA)i
- 7 września 2022(po terminie)
Zastosuj aktualizacje zgodnie z instrukcjami dostawcy.
▸ Pokaż oryginał (EN)
Apply updates per vendor instructions.
Atlassian Jira Server i Data Center zawierają lukę server-side template injection, która może umożliwić zdalne wykonanie kodu (RCE).
▸ Pokaż oryginał (EN)
Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution.
Powiązane podatności
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Fil...
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a...
This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9.12.0, 10.3.0 a...
This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 1...
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data ...