CVE-2021-39115 - Vulnerability Details - OpenCVE

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.25738.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Atlassian	Jira Service Desk Jira Service Management

Configuration 1 [-]

OR	cpe:2.3:a:atlassian:jira_service_desk:::::data_center:::*
	cpe:2.3:a:atlassian:jira_service_desk:::::server:::*
	cpe:2.3:a:atlassian:jira_service_management:::::data_center:::*
	cpe:2.3:a:atlassian:jira_service_management:::::server:::*

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://jira.atlassian.com/browse/JSDSERVER-8665

History

Fri, 11 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:atlassian:jira_service_desk:-::::data_center::: cpe:2.3:a:atlassian:jira_service_desk:-::::server:::
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: atlassian

Published: 2021-09-01T23:00:09.591646Z

Updated: 2024-10-11T19:19:10.750Z

Reserved: 2021-08-16T00:00:00

Link: CVE-2021-39115

Vulnrichment

Updated: 2024-08-04T01:58:17.709Z

NVD

Status : Modified

Published: 2021-09-01T23:15:07.430

Modified: 2024-11-21T06:18:36.283

Link: CVE-2021-39115

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "Jira Service Desk Server", "vendor": "Atlassian", "versions": [{"lessThan": "4.13.9", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "4.14.0", "versionType": "custom"}, {"lessThan": "4.18.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Jira Service Desk Data Center", "vendor": "Atlassian", "versions": [{"lessThan": "4.13.9", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "4.14.0", "versionType": "custom"}, {"lessThan": "4.18.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-08-30T00:00:00", "descriptions": [{"lang": "en", "value": "Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with \"Jira Administrators\" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-96", "description": "CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-01T23:00:09", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://jira.atlassian.com/browse/JSDSERVER-8665"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2021-08-30T00:00:00", "ID": "CVE-2021-39115", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jira Service Desk Server", "version": {"version_data": [{"version_affected": "<", "version_value": "4.13.9"}, {"version_affected": ">=", "version_value": "4.14.0"}, {"version_affected": "<", "version_value": "4.18.0"}]}}, {"product_name": "Jira Service Desk Data Center", "version": {"version_data": [{"version_affected": "<", "version_value": "4.13.9"}, {"version_affected": ">=", "version_value": "4.14.0"}, {"version_affected": "<", "version_value": "4.18.0"}]}}]}, "vendor_name": "Atlassian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with \"Jira Administrators\" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')"}]}]}, "references": {"reference_data": [{"name": "https://jira.atlassian.com/browse/JSDSERVER-8665", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/JSDSERVER-8665"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:58:17.709Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.atlassian.com/browse/JSDSERVER-8665"}]}, {"affected": [{"vendor": "atlassian", "product": "jira_service_management", "cpes": ["cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.14.0", "status": "affected", "lessThan": "4.18.0", "versionType": "custom"}]}, {"vendor": "atlassian", "product": "jira_service_management", "cpes": ["cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.14.0", "status": "affected", "lessThan": "4.18.0", "versionType": "custom"}]}, {"vendor": "atlassian", "product": "jira_service_desk", "cpes": ["cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.13.9", "versionType": "custom"}]}, {"vendor": "atlassian", "product": "jira_service_desk", "cpes": ["cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.13.9", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-10-11T19:11:09.878988Z", "id": "CVE-2021-39115", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T19:19:10.750Z"}}]}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2021-39115", "datePublished": "2021-09-01T23:00:09.591646Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-10-11T19:19:10.750Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"containers": {"cna": {"affected": [{"product": "Jira Service Desk Server", "vendor": "Atlassian", "versions": [{"lessThan": "4.13.9", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "4.14.0", "versionType": "custom"}, {"lessThan": "4.18.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Jira Service Desk Data Center", "vendor": "Atlassian", "versions": [{"lessThan": "4.13.9", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "4.14.0", "versionType": "custom"}, {"lessThan": "4.18.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-08-30T00:00:00", "descriptions": [{"lang": "en", "value": "Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with \"Jira Administrators\" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-96", "description": "CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-01T23:00:09", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://jira.atlassian.com/browse/JSDSERVER-8665"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2021-08-30T00:00:00", "ID": "CVE-2021-39115", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jira Service Desk Server", "version": {"version_data": [{"version_affected": "<", "version_value": "4.13.9"}, {"version_affected": ">=", "version_value": "4.14.0"}, {"version_affected": "<", "version_value": "4.18.0"}]}}, {"product_name": "Jira Service Desk Data Center", "version": {"version_data": [{"version_affected": "<", "version_value": "4.13.9"}, {"version_affected": ">=", "version_value": "4.14.0"}, {"version_affected": "<", "version_value": "4.18.0"}]}}]}, "vendor_name": "Atlassian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with \"Jira Administrators\" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')"}]}]}, "references": {"reference_data": [{"name": "https://jira.atlassian.com/browse/JSDSERVER-8665", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/JSDSERVER-8665"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:58:17.709Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.atlassian.com/browse/JSDSERVER-8665"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-39115", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-11T19:11:09.878988Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"], "vendor": "atlassian", "product": "jira_service_management", "versions": [{"status": "affected", "version": "4.14.0", "lessThan": "4.18.0", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"], "vendor": "atlassian", "product": "jira_service_management", "versions": [{"status": "affected", "version": "4.14.0", "lessThan": "4.18.0", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"], "vendor": "atlassian", "product": "jira_service_desk", "versions": [{"status": "affected", "version": "0", "lessThan": "4.13.9", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"], "vendor": "atlassian", "product": "jira_service_desk", "versions": [{"status": "affected", "version": "0", "lessThan": "4.13.9", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T19:18:55.994Z"}}]}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2021-39115", "datePublished": "2021-09-01T23:00:09.591646Z", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-10-11T19:19:10.750Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:data_center:*:*:*", "matchCriteriaId": "F2574509-6871-4E05-9973-B8F7BB3130E8", "versionEndExcluding": "4.13.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:server:*:*:*", "matchCriteriaId": "8A3B81E7-9F71-42C7-918D-A2C72956D52F", "versionEndExcluding": "4.13.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*", "matchCriteriaId": "78E11B7D-592B-49B9-B118-EC509C72692C", "versionEndExcluding": "4.18.0", "versionStartIncluding": "4.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*", "matchCriteriaId": "FD134963-726B-47D9-BEF8-34AEB42CD659", "versionEndExcluding": "4.18.0", "versionStartIncluding": "4.14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with \"Jira Administrators\" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0."}, {"lang": "es", "value": "Las versiones afectadas de Atlassian Jira Service Management Server y Data Center permiten a atacantes remotos con acceso \"Jira Administrators\" ejecutar c\u00f3digo Java arbitrario o ejecutar comandos del sistema arbitrarios por medio de una vulnerabilidad de Server_Side Template Injection en la funcionalidad Email Template. Las versiones afectadas son anteriores a versi\u00f3n 4.13.9, y desde versi\u00f3n 4.14.0 hasta 4.18.0"}], "id": "CVE-2021-39115", "lastModified": "2024-11-21T06:18:36.283", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2021-09-01T23:15:07.430", "references": [{"source": "security@atlassian.com", "tags": ["Third Party Advisory"], "url": "https://jira.atlassian.com/browse/JSDSERVER-8665"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jira.atlassian.com/browse/JSDSERVER-8665"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-96"}], "source": "security@atlassian.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}