Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2021-43947

Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.

  • Published: Jan 6, 2022
  • Updated: Apr 14, 2023
  • CVE: CVE-2021-43947
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.2
  • AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 9
  • AV:N/AC:L/Au:S/C:C/I:C/A:C

No CWE or OWASP classifications available.

Software From Fixed in
atlassian / jira - 8.13.15
atlassian / data_center - 8.13.15
atlassian / jira_server 8.14.0 8.20.3
atlassian / jira_data_center 8.14.0 8.20.3