CVE-2019-11581
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions....
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- April 29, 2019
- Published Date
- August 09, 2019
- Last Updated
- February 07, 2025
- Vendor
- Atlassian
- Product
- Jira Server and Data Center
- Description
- There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
- Tags
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- total
CVSS Scores
CVSS v3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
SSVC Information
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-03-07 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-11581.yaml | 2025-04-26 00:00:00 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
PetrusViet/CVE-2019-11581
Type: github • Created: 2021-05-04 06:30:47 UTC • Stars: 6
kobs0N/CVE-2019-11581
Type: github • Created: 2019-07-25 05:29:23 UTC • Stars: 10
jas502n/CVE-2019-11581
Type: github • Created: 2019-07-16 02:27:00 UTC • Stars: 93
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Proof of Concept Exploit Available
-
Added to KEVIntel
-
Detected by Nuclei