CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-11581

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score41.8400%
EPSS Percentile87.44th
Published2019年8月9日
Last Modified2025年10月24日

Vulnerability Description

There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.

Affected Platforms (CPE)

📦
Atlassian

Jira Server

>= 4.4 and < 7.6.14
📦
Atlassian

Jira Server

>= 7.7.0 and < 7.13.5
📦
Atlassian

Jira Server

>= 8.0.0 and < 8.0.3
📦
Atlassian

Jira Server

>= 8.1.0 and < 8.1.2
📦
Atlassian

Jira Server

>= 8.2.0 and < 8.2.3

References & Advisories

🔗 https://jira.atlassian.com/browse/JRASERVER-69532
🔗 https://jira.atlassian.com/browse/JRASERVER-69532
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-11581

相关漏洞威胁

CVE-2017-59839.8

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allo...

CVE-2020-141729.8

This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has b...

CVE-2019-204099.8

The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attac...

CVE-2021-260688.8

An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute ...