CVE-2021-39115

7.2HIGH

Key Information

Vendor: Atlassian
Status: Jira Service Desk Server; Jira Service Desk Data Center
Vendor: CVE Published:; 1 September 2021

Badges

👾 Exploit Exists🔴 Public PoC

Summary

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0.

Affected Version(s)

Jira Service Desk Server < 4.13.9

Jira Service Desk Server < 4.14.0

Jira Service Desk Server < 4.18.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-39115
Created by PetrusViet

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Oct 12, 2024
Vulnerability published.
Sep 1, 2021
Vulnerability Reserved.
Aug 16, 2021

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)