CVE-2021-43944
moderate-risk
Published 2022-03-08
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.
Do I need to act?
2.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.2/10
High
NETWORK / LOW complexity
Affected Products (2)
Affected Vendors
References (2)
Issue Tracking
https://jira.atlassian.com/browse/JRASERVER-73072
38 / 100
moderate-risk
Severity
26/34 · High
Exploitability
5/34 · Minimal
Exposure
7/34 · Low