CVE-2019-20419: Uncontrolled Search Path Element in Atlassian Jira Server

Severity: 7.8 HIGH (NVD)
EPSS: 0.2% (top 63.52%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 3; Latest update May 24

Description

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

Source | Package | From | Before
NVD | atlassian/jira_data_center | 8.6.0 | 8.7.2 (+1)
CVEListV5 | atlassian/jira_server | unspecified | 8.5.5 (+2)
NVD | atlassian/jira_server | 8.6.0 | 8.7.2 (+1)

Vulnerability Details (2)

GHSA (2022-05-24): GHSA-w82j-w856-p8j6: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomca
CVEList (2020-07-03): CVE-2019-20419: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomca
CVE-2019-20419 — Uncontrolled Search Path Element | cvebase