← voltar
CVE-2019-15001

CVE-2019-15001

EPSS 11.4%
Vexday Risk Score
8Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 11.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
19 set 2019Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request.
Produtos afetados
Atlassian · Jira Data CenterAtlassian · Jira Server

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/154611/Jira-Server-Data-Center-Template-Injection.htmlhttps://jira.atlassian.com/browse/JRASERVER-69933https://seclists.org/bugtraq/2019/Sep/42