CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2019-11581

CVSS 9.8v3.1pub. 2019-08-09upd. 2025-10-24

There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Atlassian Jira Server

    APP
    Atlassian
    4.4 – 7.6.14 (bez)7.7.0 – 7.13.5 (bez)8.0.0 – 8.0.3 (bez)8.1.0 – 8.1.2 (bez)8.2.0 – 8.2.3 (bez)

CISA KEV — detailsi

Vendori
Atlassian
Producti
Jira Server and Data Center
Added to KEVi
March 7, 2022
Remediation deadline (US Federal)i
September 7, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 7 września 2022
CWE
References

Related vulnerabilities

CVE-2022-26136CRITICAL9.8ten sam produkt

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Fil...

CVE-2022-0540CRITICAL9.8ten sam produkt

A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a...

CVE-2025-22167HIGH8.7ten sam produkt

This High severity Path Traversal (Arbitrary Write) vulnerability was introduced in versions: 9.12.0, 10.3.0 a...

CVE-2025-22157HIGH7.2ten sam produkt

This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 1...

CVE-2024-21683HIGH8.8ten sam produkt

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data ...