Description

Jira is vulnerable to a server side template injection vulnerability, which leads to remote code execution.

Remediation

Upgrade to the latest version of Jira

References

CVE-2019-11581

JRASERVER-69532

Related Vulnerabilities

WordPress Plugin Aspose DOC Exporter Arbitrary File Download (1.0)

WordPress Plugin jRSS Widget 'url' Parameter Directory Traversal (1.1.1)

Joomla! Core 4.x.x Multiple Vulnerabilities (4.0.0 - 4.1.0)

WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.5)

WordPress Plugin Font-official webfonts plugin of Fonts For Web Directory Traversal (7.5)

Severity

High

Classification

CVE-2019-11581 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Server Side Template Injection