Description

Jira is vulnerable to a server side template injection vulnerability, which leads to remote code execution.

Remediation

Upgrade to the latest version of Jira

References

CVE-2019-11581

JRASERVER-69532

Related Vulnerabilities

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.21)

PHP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-2665)

Mailing List 'dl.php' Arbitrary File Download (1.4.1)

Drupal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-36193)

WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.5)

Severity

High

Classification

CVE-2019-11581 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Server Side Template Injection