CVE-2019-15001

CVE Database · CVE-2019-15001

CVE-2019-15001

· HIGHModified

CVSS v3.1

7.2

EPSS

11.37%

Published

Sep 19, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-94

Affected Products (12)

atlassian · jira_server (up to 7.6.16)vulnerable

atlassian · jira_server (up to 7.13.8)vulnerable

atlassian · jira_server (up to 8.1.3)vulnerable

atlassian · jira_server (up to 8.2.5)vulnerable

atlassian · jira_server (up to 8.3.4)vulnerable

atlassian · jira_servervulnerable

atlassian · jira_data_center (up to 7.6.16)vulnerable