Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HAtlassian Jira Service Desk
APPAtlassian< 4.13.9Atlassian Jira Service Management
APPAtlassian4.14.0 β 4.18.0 (bez)
Related vulnerabilities
An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows ...
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Fil...
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a...
Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6....
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows ...