Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

CVE-2022-36799

UNKNOWN

Published 2022-08-01T01:15:12.567055Z

Actions:

CVSS Score

V3.1

7.2

/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01

0.001

probability

of exploitation in the wild

There is a 0.1% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25

Exploit Probability

Percentile: 0.488

Higher than 48.8% of all CVEs

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Description

This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. In this case the security improvement was to protect against using the XStream library to be able to execute arbitrary code in velocity templates. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.7, and from version 8.21.0 before 8.22.1.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Jira Server

Affected Versions:

unspecified 8.14.0 unspecified 8.21.0 unspecified

Jira Data Center

Affected Versions:

unspecified 8.14.0 unspecified 8.21.0 unspecified

jira_server

Affected Versions:

0 8.14.0 8.21.0

jira_data_center

Affected Versions:

0 8.14.0 8.21.0

References

https://jira.atlassian.com/browse/JRASERVER-73582

Published: 2022-08-01T01:15:12.567055Z

Last Modified: 2024-10-03T18:44:09.152Z

Copied to clipboard!