CVE-2021-43944

7.2HIGH

Key Information

Vendor: Atlassian
Status: Jira Server; Jira Data Center
Vendor: CVE Published:; 8 March 2022

Summary

This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.

Affected Version(s)

Jira Server < 8.13.15

Jira Server < 8.14.0

Jira Server < 8.20.3

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Mar 8, 2022
Vulnerability Reserved.
Nov 16, 2021

Collectors

NVD DatabaseMitre Database