← Back

CVE-2019-15001

nvd nist
Published: Sep 19, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request.

Affected (12)

Atlassian
2 products
Jira Server
Jira Data Center
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Atlassian
Jira Server
From 7.0.10 to 7.6.16
Jira Server
From 7.7.0 to 7.13.8
Jira Server
From 8.0.0 to 8.1.3
Jira Server
From 8.2.0 to 8.2.5
Jira Server
From 8.3.0 to 8.3.4
Jira Server
Version 8.4.0
Configuration B
6 vulnerable
Vulnerable SoftwareAffected Versions
Atlassian
Jira Data Center
From 7.0.10 to 7.6.16
Jira Data Center
From 7.7.0 to 7.13.8
Jira Data Center
From 8.0.0 to 8.1.3
Jira Data Center
From 8.2.0 to 8.2.5
Jira Data Center
From 8.3.0 to 8.3.4
Jira Data Center
Version 8.4.0

Related CWEs

CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (6)

Source: security@atlassian.com
Third Party AdvisoryVDB Entry
Source: security@atlassian.com
Release NotesVendor Advisory
Source: security@atlassian.com
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory

Timeline

No history available yet.