Atlassian patches email template vulnerability in Jira

Code execution via email templates.

Atlassian has patched its Jira Server and Data Center products against an exploitable, high-severity template-injection bug in the products’ Email Templates feature.

The bug was disclosed in this ticket, and has been assigned vulnerability number CVE-2022-36799.

The ticket explains that affected versions of Jira Server and Data Center “allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to remote code execution (RCE) in the Email Templates feature.

“In this case the security improvement was to protect against using the XStream library to be able to execute arbitrary code in velocity templates.

“The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.7, and from version 8.21.0 before 8.22.1.”

Although the bug is exploitable only by a user who already holds system administrator permissions, Atlassian still rated it 7.8 on the Common Vulnerability Scoring System (CVSS) scale.

The fixed versions are Jira Server and Data Center 8.13.19, 8.20.7, 8.22.1, and 9.0.0.
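The affected and fixed version ranges above are the kind of thing a practitioner ends up checking across an inventory of Jira instances. The script below is an added example, not code from the article or from Atlassian: it encodes the three affected ranges quoted from the ticket and, for an affected version, reports the fixed release on the same branch. It assumes plain dotted version strings such as `8.20.6` (a suffix after a hyphen, e.g. `-rc1`, is ignored).

```python
"""Check Jira Server / Data Center versions against the CVE-2022-36799
affected ranges quoted from the Atlassian ticket (added example, not
Atlassian's code).

Affected (from the ticket): before 8.13.19, from 8.14.0 before 8.20.7,
and from 8.21.0 before 8.22.1. Anything else, including 8.13.19, 8.20.7,
8.22.1 and 9.0.0, is treated as not affected.
"""

from typing import List, Optional, Tuple

Version = Tuple[int, ...]

# (inclusive lower bound or None, exclusive upper bound) for each affected
# branch; the upper bound is also the fixed release for that branch.
AFFECTED_RANGES: List[Tuple[Optional[Version], Version]] = [
    (None, (8, 13, 19)),
    ((8, 14, 0), (8, 20, 7)),
    ((8, 21, 0), (8, 22, 1)),
]


def parse_version(text: str) -> Version:
    """Turn '8.20.6' into (8, 20, 6). A hyphenated suffix is dropped and
    short versions are padded so '8.20' compares like (8, 20, 0)."""
    core = text.strip().split("-")[0]
    parts = tuple(int(p) for p in core.split("."))  # ValueError on junk
    return parts + (0,) * max(0, 3 - len(parts))


def _matching_range(v: Version) -> Optional[Tuple[Optional[Version], Version]]:
    for lower, upper in AFFECTED_RANGES:
        if (lower is None or v >= lower) and v < upper:
            return lower, upper
    return None


def is_affected(text: str) -> bool:
    """True if the given Jira version falls inside an affected range."""
    return _matching_range(parse_version(text)) is not None


def recommended_fix(text: str) -> Optional[str]:
    """Fixed release on the same branch, or None if not affected."""
    match = _matching_range(parse_version(text))
    if match is None:
        return None
    return ".".join(str(n) for n in match[1])


def triage(versions: List[str]) -> List[Tuple[str, str]]:
    """Return (version, fixed_release) for every affected entry in an
    inventory, preserving order."""
    return [(v, recommended_fix(v)) for v in versions if is_affected(v)]


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = ["8.13.18", "8.13.19", "8.20.6", "8.20.7", "8.22.0", "9.0.0", "7.13.0"]
    for version, fix in triage(inventory):
        print(f"{version}: affected, upgrade to {fix}")
```

Note that "before 8.13.19" has no lower bound in the ticket, so older 7.x and 8.x releases are reported as affected too; a version such as 8.13.20 sits between the first and second ranges and is reported as not affected, which is what the quoted ranges imply.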

Upgrade warning

In addition, after disclosing a hardcoded credential bug in its Confluence products last month, Atlassian upgraded its warning to users, saying: “An external party has discovered and publicly disclosed the hardcoded password on Twitter.

"It is important to remediate this vulnerability on affected systems immediately.”

Publication of the hardcoded password led the US Cybersecurity and Infrastructure Security Agency (CISA) to add the vulnerability, CVE-2022-26138, to its Known Exploited Vulnerabilities Catalog.

Copyright © iTnews.com.au . All rights reserved.