CVE-2021-39115

Опубликовано: 01 сент. 2021

Источник: nvd

CVSS3: 7.2

CVSS2: 9

EPSS Средний

Описание

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0.

Ссылки

https://jira.atlassian.com/browse/JSDSERVER-8665
Third Party Advisory
https://jira.atlassian.com/browse/JSDSERVER-8665
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:data_center:*:*:*

Версия до 4.13.9 (исключая)

cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:server:*:*:*

Версия до 4.13.9 (исключая)

cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*

Версия от 4.14.0 (включая) до 4.18.0 (исключая)

cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*

Версия от 4.14.0 (включая) до 4.18.0 (исключая)

EPSS

Процентиль: 96%

0.25738

Средний

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-96

CWE-94

Связанные уязвимости

GHSA-82p4-m5cc-j7c9