Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9
CVSSv2

CVE-2019-15001

Published: 19/09/2019 Updated: 22/04/2022
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Subscribe to Jira Server

Vulnerability Summary

The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 prior to 7.6.16, from 7.7.0 prior to 7.13.8, from 8.0.0 prior to 8.1.3, from 8.2.0 prior to 8.2.5, from 8.3.0 prior to 8.3.4 and from 8.4.0 prior to 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

atlassian jira server

atlassian jira server 8.4.0

atlassian jira data center

atlassian jira data center 8.4.0

Mailing Lists

Bugtraq: Jira Security Advisory - 2019-09-18 - CVE-2019-15001
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 This email refers to the advisory found at confluenceatlassiancom/x/KkU4Og CVE ID: * CVE-2019-15001 Product: Jira Server and Data Center Affected Jira Server and Data Center product versions: 7010 <= version < 7616 770 <= version < 7138 800 <= version &lt ...

Github Repositories

sec-daily-2019

2019年天融信阿尔法实验室在微信公众号发布的所有安全资讯汇总

欢迎关注天融信阿尔法实验室微信公众号 20191231 [技术] 使用IDA从零开始学逆向, Part27 mediumcom/p/5fa5c173547c 36C3 CTF Writeups bananamafiadev/post/36c3ctf/ 再探同形文字攻击 alephsecuritycom/2019/12/29/revised-homograph-attacks/ 对1个Dell SonicWALL虚拟办公室的登录界面进行Password Spraying攻击

Recent Articles

Jira Server and Service Desk Fix Critical Security Bugs
BleepingComputer • Ionut Ilascu • 01 Jan 1970

Atlassian released updates for Jira Service Desk and Jira Service Desk Data Center to fix a critical-severity security bug that can be exploited by anyone with access to a vulnerable customer portal.
The company patched another critical vulnerability affecting Jira Server and Jira Data Center that allows server-side template injection leading to remote code execution.
The bug impacting Jira Service Desk and Jira Service Desk Data Center is a URL path traversal leading to information ...

Read more...

References

CWE-94https://jira.atlassian.com/browse/JRASERVER-69933https://seclists.org/bugtraq/2019/Sep/42http://packetstormsecurity.com/files/154611/Jira-Server-Data-Center-Template-Injection.htmlhttps://nvd.nist.govhttp://seclists.org/bugtraq/2019/Sep/42https://github.com/alphaSeclab/sec-daily-2019
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3079CVE-2021-4376CVE-2020-36716firewalldosCVE-2023-32784CVE-2021-4344cameraCVE-2021-4356
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook