N/A

This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.

N/A

N/A

Atlassian Jira 代码注入漏洞

Atlassian Jira是澳大利亚Atlassian公司的一套缺陷跟踪管理系统。该系统主要用于对工作中各类问题、缺陷进行跟踪管理。 Atlassian Jira Server 和 Data Center存在安全漏洞，该漏洞允许具有系统管理员权限的远程攻击者通过模板注入执行任意代码，从而导致电子邮件模板功能中的远程代码被执行 (RCE)。受影响的版本为8.13.15之前的版本以及8.20.3之前的8.14.0之前的版本。这个问题的存在是为了说明Atlassian Jira Server 和 Data C

N/A

N/A