← Voltar para CVEs
CVE-2019-11581
CRITICALCISA KEV9.8
Descricao
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado8/9/2019
Ultima modificacao10/24/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorAtlassian
ProdutoJira Server and Data Center
Nome da vulnerabilidadeAtlassian Jira Server and Data Center Server-Side Template Injection Vulnerability
Data inclusao KEV2022-03-07
Prazo de remediacao2022-09-07
Uso em ransomwareUnknown
Produtos afetados
atlassian:jira_server
Fraquezas (CWE)
CWE-74CWE-74
Referencias
https://jira.atlassian.com/browse/JRASERVER-69532(security@atlassian.com)
https://jira.atlassian.com/browse/JRASERVER-69532(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11581(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.