What is the severity of CVE-2021-39115?

The severity of CVE-2021-39115 is critical.

What is the vulnerability in Atlassian Jira Service Management?

The vulnerability in Atlassian Jira Service Management is a Server_Side Template Injection vulnerability in the Email Template feature.

Which versions of Atlassian Jira Service Management are affected?

Versions up to and excluding 4.13.9 in Data Center and versions 4.14.0 to 4.18.0 in Server of Atlassian Jira Service Management are affected.

How can remote attackers exploit CVE-2021-39115?

Remote attackers with "Jira Administrators" access can exploit CVE-2021-39115 to execute arbitrary Java code or run arbitrary system commands.

How can I fix CVE-2021-39115 in Atlassian Jira Service Management?

To fix CVE-2021-39115 in Atlassian Jira Service Management, update to a version beyond 4.13.9 in Data Center or a version beyond 4.18.0 in Server.

Vulnerability/
CVE-2021-39115

critical

CWE

94 96

1/9/2021

25/4/2022

CVE-2021-39115: Code Injection

First published: Wed Sep 01 2021(Updated: )

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0.

Credit: security@atlassian.com

Affected Software	Affected Version	How to fix
Atlassian Jira Service Desk	<4.13.9
Atlassian Jira Service Desk	<4.13.9
Atlassian Jira Service Management	>=4.14.0<4.18.0
Atlassian Jira Service Management	>=4.14.0<4.18.0

Never miss a vulnerability like this again

Reference Links

https://jira.atlassian.com/browse/JSDSERVER-8665

Frequently Asked Questions

What is the severity of CVE-2021-39115?
The severity of CVE-2021-39115 is critical.
What is the vulnerability in Atlassian Jira Service Management?
The vulnerability in Atlassian Jira Service Management is a Server_Side Template Injection vulnerability in the Email Template feature.
Which versions of Atlassian Jira Service Management are affected?
Versions up to and excluding 4.13.9 in Data Center and versions 4.14.0 to 4.18.0 in Server of Atlassian Jira Service Management are affected.
How can remote attackers exploit CVE-2021-39115?
Remote attackers with "Jira Administrators" access can exploit CVE-2021-39115 to execute arbitrary Java code or run arbitrary system commands.
How can I fix CVE-2021-39115 in Atlassian Jira Service Management?
To fix CVE-2021-39115 in Atlassian Jira Service Management, update to a version beyond 4.13.9 in Data Center or a version beyond 4.18.0 in Server.

collector/nvd-index
agent/references
agent/severity
agent/author
agent/type
agent/event
vendor/atlassian
canonical/atlassian jira service desk
canonical/atlassian jira service management
version/atlassian jira service management/4.14.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.