CVE-2019-15001

The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request.

Published: Sep 19, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-15001
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
atlassian / jira_server	8.4.0	8.4.0.x
atlassian / jira_server	8.3.0	8.3.4
atlassian / jira_server	8.2.0	8.2.5
atlassian / jira_server	7.7.0	7.13.8
atlassian / jira_server	8.0.0	8.1.3
atlassian / jira_server	7.0.10	7.6.16
atlassian / jira_data_center	7.0.10	7.6.16
atlassian / jira_data_center	7.7.0	7.13.8
atlassian / jira_data_center	8.0.0	8.1.3
atlassian / jira_data_center	8.2.0	8.2.5
atlassian / jira_data_center	8.3.0	8.3.4
atlassian / jira_data_center	8.4.0	8.4.0.x

Vulnerability Database

289,784

CVE-2019-15001