CVE-2020-14172
CVE information
Published
Last Modified
CVSSv2.0 Severity
CVSSv3.1 Severity
Impact Analysis
Description
This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center in affected versions allowed remote attackers to achieve remote code execution via insecure deserialization, if they were able to exploit a server-side template injection vulnerability. The affected versions are before version 7.13.0, from version 8.0.0 before 8.5.0, and from version 8.6.0 before version 8.8.1.
CVSSv2.0 Score
- Severity: High
- Base Score: 7.5/10
- Exploit Score: 10/10
- Access Vector: Network
- Access Complexity: Low
- Authentication Required: None
- Impact Score: 6.4/10
- Confidentiality Impact: Partial
- Availability Impact: Partial
- Integrity Impact: Partial
CVSSv3.1 Score
- Severity: Critical
- Base Score: 9.8/10
- Exploit Score: 3.9/10
- Access Vector: Network
- Access Complexity: Low
- Privileges Required: None
- Impact Score: 5.9/10
- Confidentiality Impact: High
- Availability Impact: High
- Integrity Impact: High
- Scope: Unchanged
- User Interaction: None
Products Affected
CPE | Affected | Vulnerable | Excluding |
---|---|---|---|
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* | Yes | 8.6.0 | 8.8.1 |
cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*: | Yes | 8.6.0 | 8.8.1 |
cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*: | Yes | - | 7.13.0 |
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* | Yes | - | 7.13.0 |
cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:* | Yes | 8.0.0 | 8.5.0 |
cpe:2.3:a:atlassian:jira_software_data_center:*:*:*:*:*:*:*: | Yes | 8.0.0 | 8.5.0 |