Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2019-11581 | First vendor Publication | 2019-08-09 |
Vendor | Cve | Last vendor Modification | 2022-03-25 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 9.8 | ||
Base Score | 9.8 | Environmental Score | 9.8 |
impact SubScore | 5.9 | Temporal Score | 9.8 |
Exploitabality Sub Score | 3.9 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | None | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11581 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2019-10-01 | Atlassian Jira ContactAdministrators and SendBulkMail template injection remo... RuleID : 51318 - Revision : 1 - Type : SERVER-WEBAPP |
2019-10-01 | Atlassian Jira ContactAdministrators and SendBulkMail template injection remo... RuleID : 51317 - Revision : 1 - Type : SERVER-WEBAPP |
2019-10-01 | Atlassian Jira ContactAdministrators and SendBulkMail template injection remo... RuleID : 51316 - Revision : 1 - Type : SERVER-WEBAPP |
2019-10-01 | Atlassian Jira ContactAdministrators and SendBulkMail template injection remo... RuleID : 51315 - Revision : 1 - Type : SERVER-WEBAPP |
Sources (Detail)
Source | Url |
---|---|
MISC | https://jira.atlassian.com/browse/JRASERVER-69532 |
Alert History
Date | Informations |
---|---|
2023-08-12 13:01:00 |
|
2023-08-12 01:15:53 |
|
2023-08-11 12:54:53 |
|
2023-08-11 01:16:19 |
|
2023-08-06 12:53:16 |
|
2023-08-06 01:15:49 |
|
2023-08-04 12:53:31 |
|
2023-08-04 01:15:58 |
|
2023-07-14 12:53:30 |
|
2023-07-14 01:15:56 |
|
2023-03-29 01:54:53 |
|
2023-03-28 12:16:14 |
|
2022-10-11 12:47:49 |
|
2022-10-11 01:15:50 |
|
2022-03-29 09:23:10 |
|
2022-03-28 21:23:17 |
|
2022-03-26 09:23:23 |
|
2022-03-26 00:23:14 |
|
2022-03-25 21:23:32 |
|
2021-09-25 01:33:19 |
|
2021-08-05 01:31:42 |
|
2021-07-21 17:24:56 |
|
2021-05-04 13:22:00 |
|
2021-04-22 02:37:01 |
|
2021-03-27 01:28:16 |
|
2020-07-03 01:23:22 |
|
2020-05-23 02:21:40 |
|
2019-09-25 12:10:54 |
|
2019-09-20 12:05:46 |
|
2019-09-18 12:10:41 |
|
2019-08-20 17:19:24 |
|
2019-08-20 00:19:18 |
|
2019-08-12 05:19:35 |
|
2019-08-10 05:19:49 |
|