CRITICAL🚩 CISA KEV⚡ EXPLOIT🇬🇧 English

CVE-2019-11581

CVSS 9.8v3.1pub. 2019-08-09upd. 2025-10-24

There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Atlassian Jira Server

    APP
    Atlassian
    4.4 – 7.6.14 (bez)7.7.0 – 7.13.5 (bez)8.0.0 – 8.0.3 (bez)8.1.0 – 8.1.2 (bez)8.2.0 – 8.2.3 (bez)

CISA KEV — szczegółyi

Dostawcai
Atlassian
Produkti
Jira Server and Data Center
Data dodania do KEVi
7 marca 2022
Termin remediation (USA)i
7 września 2022(po terminie)
Wymagana akcja (CISA)i

Zastosuj aktualizacje zgodnie z instrukcjami dostawcy.

tłumaczenie AI
Pokaż oryginał (EN)

Apply updates per vendor instructions.

Opis CISAi

Atlassian Jira Server i Data Center zawierają lukę server-side template injection, która może umożliwić zdalne wykonanie kodu (RCE).

tłumaczenie AI
Pokaż oryginał (EN)

Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution.

🔴
NATYCHMIASTOWE DZIAŁANIE
Aktywnie wykorzystywane w atakach (CISA KEV). Załataj jak najszybciej.
CISA DEADLINE: 7 września 2022
CWE
Referencje

Powiązane podatności

CVE-2022-26136CRITICAL9.8ten sam produkt

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Fil...

CVE-2022-0540CRITICAL9.8ten sam produkt

A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a...

CVE-2025-22167HIGH8.7ten sam produkt

This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9.12.0, 10.3.0 a...

CVE-2025-22157HIGH7.2ten sam produkt

This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 1...

CVE-2024-21683HIGH8.8ten sam produkt

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data ...