CVE-2021-39115

Improper Control of Generation of Code ('Code Injection') (CWE-94)

Published: Sep 1, 2021 / Updated: 32mo ago

CVSS 7.2 (High) / EPSS 0.24%

Summary

Affected versions of Atlassian Jira Service Management Server and Data Center contain a Server-Side Template Injection vulnerability in the Email Template feature. This vulnerability allows remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands.

Impact

The impact of this vulnerability is severe. Attackers with Jira Administrator privileges can execute arbitrary Java code or system commands, potentially leading to complete system compromise. This could result in unauthorized access to sensitive data, modification of system configurations, disruption of services, and potential lateral movement within the network. The vulnerability has a high impact on confidentiality, integrity, and availability of the affected systems.

Exploitation

One proof-of-concept exploit is available on github.com. There is no evidence of exploitation at the moment.

Patch

A patch is available. The vulnerability has been fixed in Jira Service Management Server and Data Center version 4.13.9 and version 4.18.0. Users should upgrade to these or later versions to mitigate the risk.

Mitigation

1. Upgrade Atlassian Jira Service Management Server and Data Center to version 4.13.9 or 4.18.0 or later, depending on your current version.
2. If immediate patching is not possible, restrict and closely monitor access to Jira Administrator accounts.
3. Implement strong authentication mechanisms and regularly audit user access, especially for administrative accounts.
4. Monitor system logs for any suspicious activities related to the Email Template feature.
5. Apply the principle of least privilege to limit the potential impact if an account is compromised.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2021-39115.

Sep 1, 2021 at 10:58 PM / jira.atlassian.com

EPSS

EPSS Score was set to: 0.24% (Percentile: 61.4%)

Sep 26, 2023 at 4:13 AM

Affected Systems

Atlassian/jira_service_desk

Exploits

https://github.com/PetrusViet/CVE-2021-39115

Attack Patterns

CAPEC-242: Code Injection

References

[JSDSERVER-8665] Template Injection in Email Templates leads to code execution on Jira Service Management Server - CVE-2021-39115
Type: Public Security Vulnerability
Priority: Low
Reporter: Security Metrics Bot
Assignee: Unassigned
Resolution: Fixed
Votes: 0
Labels: CVE-2021-39115, advisory, advisory-to-release, dont-import, security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server-Side Template Injection vulnerability in the Email Template feature.

Vulnerability Research List
However, the collaborative system v4.6.1 SQL injection – file deletion -> RCE Zhiyuan OA FanRuan report v8.0 background file upload

News

Security Bulletin 27 Apr 2022
This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, ... CVE-2022-24500, Windows SMB Remote Code Execution Vulnerability.
Security Bulletin 9 Mar 2022 | #macos | #macsecurity
CVE Number Description Base Score Reference CVE-2020-15824 In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users... The post Security Bulletin 9 Mar 2022 #macos #macsecurity appeared first on NATIONAL CYBER SECURITY NEWS TODAY .
Security Bulletin 9 Mar 2022 - Cyber Security Agency of Singapore
Security Bulletin 9 Mar 2022 Cyber Security Agency of Singapore
Server-side template injection in Jira Service Management Server
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet. The vulnerability allows a remote privileged user to execute arbitrary code on the target system.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
