ASA-2019-00426 – Atlassian Jira: Template injection in various resources

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00426

Identifier(s)

ASA-2019-00426, CVE-2019-11581

Title

Template injection in various resources

Vendor(s)

Atlassian

Product(s)

Atlassian Jira Server
Atlassian Jira Data Center

Affected version(s)

Atlassian Jira Server versions 4.4.x, 5.x.x, 6.x.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.x, 7.6.x before 7.6.14, 7.7.x, 7.8.x, 7.9.x, 7.10.x, 7.11.x, 7.12.x, 7.13.x before 7.13.5, 8.0.x before 8.0.3, 8.1.x before 8.1.2, 8.2.x before 8.2.3

Atlassian Jira Data Center versions 4.4.x, 5.x.x, 6.x.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.x, 7.6.x before 7.6.14, 7.7.x, 7.8.x, 7.9.x, 7.10.x, 7.11.x, 7.12.x, 7.13.x before 7.13.5, 8.0.x before 8.0.3, 8.1.x before 8.1.2, 8.2.x before 8.2.3

Fixed version(s)

Atlassian Jira Server versions 7.6.14, 7.13.5, 8.0.3, 8.1.2 and 8.2.3
Atlassian Jira Data Center versions 7.6.14, 7.13.5, 8.0.3, 8.1.2 and 8.2.3

Proof of concept

Yes

Description

There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. For this issue to be exploitable at least one of the following conditions must be met:

  • an SMTP server has been configured in Jira and the Contact Administrators Form is enabled; or
  • an SMTP server has been configured in Jira and an attacker has “JIRA Administrators” access.

In the first case, where the Contact Administrators Form is enabled, attackers are able to exploit this issue without authentication. In the second case, attackers with “JIRA Administrators” access can exploit this issue. In either case, successful exploitation of this issue allows an attacker to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center.

Technical details

Unknown

Credits

Daniil Dmitriev

Reference(s)

JIRA Security Advisory 2019-07-10 – Atlassian Documentation
https://confluence.atlassian.com/jira/jira-security-advisory-2019-07-10-973486595.html

CVE-2019-11581 – Template injection in various resources
https://jira.atlassian.com/browse/JRASERVER-69532

RCE in Jira(CVE-2019–11581)
https://medium.com/@ruvlol/rce-in-jira-cve-2019-11581-901b845f0f

CVE-2019-11581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11581

CVE-2019-11581
https://nvd.nist.gov/vuln/detail/CVE-2019-11581

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: July 15, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.