Date Published: 2021-11-24
QID 730277: Atlassian Jira Server and Data Center Server Side Template Injection Vulnerability (JRASERVER-72804)
Jira is a proprietary issue tracking product, developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.
CVE-2021-39128:Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature.
Atlassian Jira Server and Data Center version prior to 8.13.12
Atlassian Jira Server and Data Center from 8.14.0 to 8.19.0
QID Detection Logic:(Unauthenticated)
It checks for vulnerable version of Atlassian Jira.
Successful exploitation of this vulnerability allows an attacker to execute arbitrary code.
- JRASERVER-72804 - jira.atlassian.com/browse/JRASERVER-72804
CVEs related to QID 730277