What is the severity of CVE-2021-39115?

The severity of CVE-2021-39115 is critical.

What is the vulnerability in Atlassian Jira Service Management?

The vulnerability in Atlassian Jira Service Management is a Server_Side Template Injection vulnerability in the Email Template feature.

Which versions of Atlassian Jira Service Management are affected?

Versions up to and excluding 4.13.9 in Data Center and versions 4.14.0 to 4.18.0 in Server of Atlassian Jira Service Management are affected.

How can remote attackers exploit CVE-2021-39115?

Remote attackers with "Jira Administrators" access can exploit CVE-2021-39115 to execute arbitrary Java code or run arbitrary system commands.

How can I fix CVE-2021-39115 in Atlassian Jira Service Management?

To fix CVE-2021-39115 in Atlassian Jira Service Management, update to a version beyond 4.13.9 in Data Center or a version beyond 4.18.0 in Server.

Vulnerability/
CVE-2021-39115

critical

CWE

94 96

1/9/2021

11/10/2024

CVE-2021-39115: Code Injection

First published: Wed Sep 01 2021(Updated: )

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0.

Credit: security@atlassian.com security@atlassian.com

Affected Software	Affected Version	How to fix
Atlassian Jira Service Desk	<4.13.9
Atlassian Jira Service Desk	<4.13.9
Atlassian Jira Service Management	>=4.14.0<4.18.0
Atlassian Jira Service Management	>=4.14.0<4.18.0

Never miss a vulnerability like this again

Reference Links

https://jira.atlassian.com/browse/JSDSERVER-8665

Frequently Asked Questions

What is the severity of CVE-2021-39115?
The severity of CVE-2021-39115 is critical.
What is the vulnerability in Atlassian Jira Service Management?
The vulnerability in Atlassian Jira Service Management is a Server_Side Template Injection vulnerability in the Email Template feature.
Which versions of Atlassian Jira Service Management are affected?
Versions up to and excluding 4.13.9 in Data Center and versions 4.14.0 to 4.18.0 in Server of Atlassian Jira Service Management are affected.
How can remote attackers exploit CVE-2021-39115?
Remote attackers with "Jira Administrators" access can exploit CVE-2021-39115 to execute arbitrary Java code or run arbitrary system commands.
How can I fix CVE-2021-39115 in Atlassian Jira Service Management?
To fix CVE-2021-39115 in Atlassian Jira Service Management, update to a version beyond 4.13.9 in Data Center or a version beyond 4.18.0 in Server.

collector/nvd-index
agent/type
agent/softwarecombine
agent/author
agent/weakness
agent/severity
agent/references
agent/tags
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/atlassian
canonical/atlassian jira service desk
canonical/atlassian jira service management
version/atlassian jira service management/4.14.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.