Vulnerability Summary

Atlassian JIRA Server and Data Center could allow a remote attacker to execute arbitrary code on the system because of a server-side template injection vulnerability in various resources. The vulnerability is exploitable if an SMTP server has been configured in Jira and the Contact Administrators Form is enabled, or if the attacker has "JIRA Administrators" access.

Github Repositories

CVE-2019-11581 Atlassian JIRA Template injection vulnerability RCE

Recent Articles

Jira Server and Data Center Update Patches Critical Vulnerability
BleepingComputer • Ionut Ilascu • 11 Jul 2019

Atlassian has patched a critical vulnerability affecting Jira Server and Data Center versions released since the summer of 2011.
An advisory today from enterprise software company Atlassian offers details about a template injection on the server side that could be exploited without authentication under certain conditions.
Tracked as CVE-2019-11581, the vulnerability was introduced in version 4.4.0. It was discovered and reported by Bugcrowd researcher Daniil Dmitriev.