CVE-2020-14172

EUVD-2020-6329

03.07.2020, 02:15

This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center in affected versions allowed remote attackers to achieve remote code execution via insecure deserialization, if they were able to exploit a server side template injection vulnerability. The affected versions are before version 7.13.0, from version 8.0.0 before 8.5.0, and from version 8.6.0 before version 8.8.1.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 89%

Affected Products (NVD)

Vendor	Product	Version
atlassian	jira	𝑥 < 7.13.0
atlassian	jira	8.0.0 ≤ 𝑥 < 8.5.0
atlassian	jira	8.6.0 ≤ 𝑥 < 8.8.1
atlassian	jira_software_data_center	𝑥 < 7.13.0
atlassian	jira_software_data_center	8.0.0 ≤ 𝑥 < 8.5.0
atlassian	jira_software_data_center	8.6.0 ≤ 𝑥 < 8.8.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-502 - Deserialization of Untrusted Data
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References

https://jira.atlassian.com/browse/JRASERVER-70940