Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-39128: [JRASERVER-72804] Template Injection in Email Templates leads to RCE on Jira Service Management Server - CVE-2021-39128

Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1.

CVE
#vulnerability#java#rce#jira

Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature.

The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1.

*Affected versions:*

  • version < 8.13.12
  • 8.14.0 ≤ version < 8.19.1

*Fixed versions:*

  • 8.13.12
  • 8.19.1
  • 8.20.0
  • 8.21.0

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907