exploitDog

CVE-2019-15001

Опубликовано: 19 сент. 2019

Источник: nvd

CVSS3: 7.2

CVSS2: 9

EPSS Средний

Описание

The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request.

Ссылки

http://packetstormsecurity.com/files/154611/Jira-Server-Data-Center-Template-Injection.html
Third Party Advisory
VDB Entry
https://jira.atlassian.com/browse/JRASERVER-69933
Release Notes
Vendor Advisory
https://seclists.org/bugtraq/2019/Sep/42
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/154611/Jira-Server-Data-Center-Template-Injection.html
Third Party Advisory
VDB Entry
https://jira.atlassian.com/browse/JRASERVER-69933
Release Notes
Vendor Advisory
https://seclists.org/bugtraq/2019/Sep/42
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

Версия от 7.0.10 (включая) до 7.6.16 (исключая)

cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

Версия от 7.7.0 (включая) до 7.13.8 (исключая)

cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

Версия от 8.0.0 (включая) до 8.1.3 (исключая)

cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

Версия от 8.2.0 (включая) до 8.2.5 (исключая)

cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*

Версия от 8.3.0 (включая) до 8.3.4 (исключая)

cpe:2.3:a:atlassian:jira_server:8.4.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*

Версия от 7.0.10 (включая) до 7.6.16 (исключая)

cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*

Версия от 7.7.0 (включая) до 7.13.8 (исключая)

cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*

Версия от 8.0.0 (включая) до 8.1.3 (исключая)

cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*

Версия от 8.2.0 (включая) до 8.2.5 (исключая)

cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*

Версия от 8.3.0 (включая) до 8.3.4 (исключая)

cpe:2.3:a:atlassian:jira_data_center:8.4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.11506

Средний

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-v4p4-65gh-94f7

CVSS3: 7.2

github

больше 3 лет назад

The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.1.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request.

EPSS

Процентиль: 93%

0.11506

Средний

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-94