Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2019-11581 - Vulnerability Database
Atlassian Jira

Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2019-11581

Critical
Reference: CVE-2019-11581
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-11581
Title: Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Overview:

There was a server-side template injection vulnerability in Jira Server and Data Center in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14 from 7.7.0 before 7.13.5 from 8.0.0 before 8.0.3 from 8.1.0 before 8.1.2 and from 8.2.0 before 8.2.3 are affected by this vulnerability.