CVE-2019-20409: Injection in Atlassian Jira Server

CWE-74 Injection | 3 documents | 3 sources

Severity: 9.8 CRITICAL (NVD)
EPSS: 3.5% (top 12.42%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 23 | Latest update May 24

Description

The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

CVEListV5 | atlassian/jira_server | unspecified | 8.8.0
NVD | atlassian/jira | < 8.8.0

Vulnerability Details (2)

GHSA | GHSA-8vf6-jj8p-33f5: The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8 | 2022-05-24
CVEList | CVE-2019-20409: The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8 | 2020-06-23