Atlassian Jira 8.1.x < 8.1.2 Template Injection Vulnerability
critical Web Application Scanning Plugin ID 98654
Language:
Synopsis
Atlassian Jira 8.1.x < 8.1.2 Template Injection VulnerabilityDescription
According to its self-reported version number, the Atlassian Jira application running on the remote host is 4.4.x < 7.6.14, 7.7.x < 7.13.5, 8.0.x < 8.0.3, 8.1.x < 8.1.2, 8.2.x < 8.2.3. It is, therefore, affected by a server-side template injection vulnerability that exists in the ContactAdministrators and SendBulkMail actions where SMTP server is configured and the Contact Administrators Form is enabled. An unauthenticated, remote attacker may exploit this to bypass authentication and execute arbitrary code.Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Atlassian Jira version 8.1.2 or later.See Also
https://confluence.atlassian.com/jira/jira-security-advisory-2019-07-10-973486595.html
Plugin Details
Severity: Critical
ID: 98654
Type: remote
Family: Component Vulnerability
Published: 8/12/2019
Updated: 10/7/2021
Scan Template: pci, api, scan
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 9.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2019-11581
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score Source: CVE-2019-11581
Vulnerability Information
CPE: cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/9/2019
Vulnerability Publication Date: 8/9/2019
Reference Information
CVE: CVE-2019-11581
CWE: 94
OWASP: 2013-A9, 2017-A9, 2010-A1, 2013-A1, 2017-A1, 2021-A6, 2021-A3
WASC: OS Commanding
OWASP API: 2019-API7, 2019-API8
HIPAA: 164.306(a)(1), 164.306(a)(2)
DISA STIG: APSC-DV-002630, APSC-DV-002510
OWASP ASVS: 4.0.2-14.2.1, 4.0.2-5.2.5
ISO: 27001-A.14.2.5
NIST: sp800_53-CM-6b, sp800_53-SI-10