Vulnerability Database

290,020

Total vulnerabilities in the database

CVE-2019-20409

The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.

  • Published: Jun 23, 2020
  • Updated: Apr 13, 2023
  • CVE: CVE-2019-20409
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

Software From Fixed in
atlassian / jira_software_data_center - 8.8.0
atlassian / jira - 8.8.0