CVE-2021-39128 - OpenCVE

Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Atlassian	Jira Server Jira Data Center

Configuration 1 [-]

OR	cpe:2.3:a:atlassian:jira_data_center::::::::
	cpe:2.3:a:atlassian:jira_data_center::::::::
	cpe:2.3:a:atlassian:jira_server::::::::
	cpe:2.3:a:atlassian:jira_server::::::::

References

Link	Resource
https://jira.atlassian.com/browse/JRASERVER-72804	Issue Tracking Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: atlassian

Published: 2021-09-16T00:00:00

Updated: 2021-09-16T05:20:10

Reserved: 2021-08-16T00:00:00

Link: CVE-2021-39128

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-16T06:15:06.833

Modified: 2022-08-01T16:13:08.583

Link: CVE-2021-39128

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Jira Server", "vendor": "Atlassian", "versions": [{"lessThan": "8.13.12", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.14.0", "versionType": "custom"}, {"lessThan": "8.19.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Jira Data Center", "vendor": "Atlassian", "versions": [{"lessThan": "8.13.12", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "8.14.0", "versionType": "custom"}, {"lessThan": "8.19.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-09-16T00:00:00", "descriptions": [{"lang": "en", "value": "Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1336", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-16T05:20:10", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://jira.atlassian.com/browse/JRASERVER-72804"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2021-09-16T00:00:00", "ID": "CVE-2021-39128", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jira Server", "version": {"version_data": [{"version_affected": "<", "version_value": "8.13.12"}, {"version_affected": ">=", "version_value": "8.14.0"}, {"version_affected": "<", "version_value": "8.19.1"}]}}, {"product_name": "Jira Data Center", "version": {"version_data": [{"version_affected": "<", "version_value": "8.13.12"}, {"version_affected": ">=", "version_value": "8.14.0"}, {"version_affected": "<", "version_value": "8.19.1"}]}}]}, "vendor_name": "Atlassian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine"}]}]}, "references": {"reference_data": [{"name": "https://jira.atlassian.com/browse/JRASERVER-72804", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/JRASERVER-72804"}]}}}}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2021-39128", "datePublished": "2021-09-16T00:00:00", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2021-09-16T05:20:10", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8E316DC-BA81-4946-87E0-5FCCDB6DC7C4", "versionEndExcluding": "8.13.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "6105045B-EE1C-4DB4-BA84-C6BA1D1807B3", "versionEndExcluding": "8.19.1", "versionStartIncluding": "8.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "F27DD8FE-CB2A-4103-BE5A-B2E76DA8FDD9", "versionEndExcluding": "8.13.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3770282-D254-4A7C-ADB0-82FE5DADB036", "versionEndExcluding": "8.19.1", "versionStartIncluding": "8.14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1."}, {"lang": "es", "value": "Unas versiones afectadas de Atlassian Jira Server o Data Center usando el complemento Jira Service Management permiten a atacantes remotos con acceso a JIRA Administrators ejecutar c\u00f3digo Java arbitrario por medio de una vulnerabilidad de inyecci\u00f3n de plantillas del lado del servidor en la funcionalidad Email Template. Las versiones afectadas de Jira Server o Data Center son anteriores a versi\u00f3n 8.13.12, y desde versi\u00f3n 8.14.0 hasta 8.19.1"}], "id": "CVE-2021-39128", "lastModified": "2022-08-01T16:13:08.583", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-16T06:15:06.833", "references": [{"source": "security@atlassian.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/JRASERVER-72804"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1336"}], "source": "security@atlassian.com", "type": "Secondary"}]}