Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/JRASERVER-72804 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2021-09-16T05:20:10.512566Z
Updated: 2024-09-16T17:23:08.218Z
Reserved: 2021-08-16T00:00:00
Link: CVE-2021-39128
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-09-16T06:15:06.833
Modified: 2022-08-01T16:13:08.583
Link: CVE-2021-39128
Redhat
No data.