CVE-2022-36799 – This issue exists to document that a security improvement in the way that Jira Server and …

1 August 2022

Vuln ID: CVE-2022-36799

Published: 2022-08-01 11:15:14Z

Description: This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. In this case the security improvement was to protect against using the XStream library to be able to execute arbitrary code in velocity templates. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.7, and from version 8.21.0 before 8.22.1.

Source: NVD.NIST.GOV

Date:

1 August 2022

Categorie(s):

NVD

Tag(s):

NVD

Network Threats: A Step-by-Step Attack Demonstration25 April 2024
ESET integrates with Arctic Wolf to provide greater security visibility25 April 2024
JudgeO Online Code Editor Flaw Let Attackers Execute Code as Root User25 April 2024
Sublime Security secures $20 million to strengthen cloud email security and visibility25 April 2024
DragonForce Ransomware Group Uses LockBit’s Leaked Builder25 April 2024