Vulnerability Description
The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Jira Server | >= 7.0.10, < 7.6.16 |
| Atlassian | Jira Data Center | >= 7.0.10, < 7.6.16 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/154611/Jira-Server-Data-Center-Template-InjThird Party AdvisoryVDB Entry
- https://jira.atlassian.com/browse/JRASERVER-69933Release NotesVendor Advisory
- https://seclists.org/bugtraq/2019/Sep/42Mailing ListThird Party Advisory
- http://packetstormsecurity.com/files/154611/Jira-Server-Data-Center-Template-InjThird Party AdvisoryVDB Entry
- https://jira.atlassian.com/browse/JRASERVER-69933Release NotesVendor Advisory
- https://seclists.org/bugtraq/2019/Sep/42Mailing ListThird Party Advisory
FAQ
What is CVE-2019-15001?
CVE-2019-15001 is a vulnerability with a CVSS score of 7.2 (HIGH). The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before ...
How severe is CVE-2019-15001?
CVE-2019-15001 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-15001?
Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Jira Server, Atlassian Jira Data Center.