Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The affected versions are those before version 7.1.15.
References
Link | Resource |
---|---|
https://jira.atlassian.com/browse/JIRAAUTOSERVER-185 | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: atlassian
Published: 2020-12-01T00:00:00
Updated: 2020-11-30T23:05:15
Reserved: 2020-06-16T00:00:00
Link: CVE-2020-14193
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-11-30T23:15:11.440
Modified: 2022-02-01T17:41:06.197
Link: CVE-2020-14193
JSON object: View
Redhat Information
No data.
CWE