CVE-2019-15001

high

Description

The Jira Importers Plugin in Atlassian Jira Server and Data Center from version 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request.

References

https://www.tenable.com/blog/cve-2019-14994-url-path-traversal-vulnerability-in-jira-service-desk-leads-to-information

https://seclists.org/bugtraq/2019/Sep/42

https://jira.atlassian.com/browse/JRASERVER-69933

http://packetstormsecurity.com/files/154611/Jira-Server-Data-Center-Template-Injection.html

Details

Source: Mitre, NVD

Published: 2019-09-19

Updated: 2022-04-22

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High