CVE-2019-20409
First published: Tue Jun 23 2020(Updated: )
The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian JIRA | <8.8.0 | |
| Atlassian Jira Software Data Center | <8.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-20409?
CVE-2019-20409 is a vulnerability in Atlassian Jira Server and Data Center versions prior to 8.8.0 that allows remote attackers to gain remote code execution through server side template injection.
How severe is CVE-2019-20409?
CVE-2019-20409 has a severity score of 9.8, which is classified as critical.
How does CVE-2019-20409 affect Atlassian Jira Server and Data Center?
CVE-2019-20409 affects Atlassian Jira Server and Data Center versions prior to 8.8.0.
What is the Common Weakness Enumeration (CWE) ID for CVE-2019-20409?
CVE-2019-20409 is associated with CWE-74, which is a code injection vulnerability.
Is there a patch available for CVE-2019-20409?
Yes, the vulnerability has been fixed in version 8.8.0 of Atlassian Jira Server and Data Center.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/event
- agent/type
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/atlassian
- canonical/atlassian jira
- canonical/atlassian jira software data center