Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Atlassian Jira Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2019-15001 - Vulnerability Database
Atlassian Jira

Atlassian Jira Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2019-15001

High
Reference: CVE-2019-15001
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-15001
Title: Atlassian Jira Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16 from 7.7.0 before 7.13.8 from 8.0.0 before 8.1.3 from 8.2.0 before 8.2.5 from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request.