Published: 19/09/2019 Updated: 24/08/2020

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 prior to 7.6.16, from 7.7.0 prior to 7.13.8, from 8.0.0 prior to 8.1.3, from 8.2.0 prior to 8.2.5, from 8.3.0 prior to 8.3.4 and from 8.4.0 prior to 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
atlassian jira
atlassian jira 8.4.0

2019年天融信阿尔法实验室在微信公众号发布的所有安全资讯汇总

欢迎关注天融信阿尔法实验室微信公众号 20191231 [技术] 使用IDA从零开始学逆向, Part27 mediumcom/p/5fa5c173547c 36C3 CTF Writeups bananamafiadev/post/36c3ctf/ 再探同形文字攻击 alephsecuritycom/2019/12/29/revised-homograph-attacks/ 对1个Dell SonicWALL虚拟办公室的登录界面进行Password Spraying攻击

Jira Server and Service Desk Fix Critical Security Bugs

BleepingComputer • Ionut Ilascu • 01 Jan 1970

Atlassian released updates for Jira Service Desk and Jira Service Desk Data Center to fix a critical-severity security bug that can be exploited by anyone with access to a vulnerable customer portal.
The company patched another critical vulnerability affecting Jira Server and Jira Data Center that allows server-side template injection leading to remote code execution.
The bug impacting Jira Service Desk and Jira Service Desk Data Center is a URL path traversal leading to information ...

CVE-2019-15001

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vulnerability Trend

Mailing Lists

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect