{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T11:29:34.310","vulnerabilities":[{"cve":{"id":"CVE-2019-15001","sourceIdentifier":"security@atlassian.com","published":"2019-09-19T15:15:15.500","lastModified":"2024-11-21T04:27:51.093","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request."},{"lang":"es","value":"El plugin Jira Importers en Atlassian Jira Server y Data Cente desde la versión 7.0.10 anterior a 7.6.16, desde 7.7.0 anterior a 7.13.8, desde 8.0.0 anterior a 8.1.3, desde 8.2.0 anterior a 8.2.5, desde 8.3.0 anterior a 8.3.4 y desde 8.4.0 anteriores a 8.4.1, permite a atacantes remotos con permisos de Administrador conseguir la ejecución de código remota por medio de una vulnerabilidad de inyección de plantilla mediante el uso de una petición PUT diseñada"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.10","versionEndExcluding":"7.6.16","matchCriteriaId":"27645527-F779-4D88-A5DC-3889826057F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.0","versionEndExcluding":"7.13.8","matchCriteriaId":"C5713AA6-6A8E-4047-A2BB-F3DD86F4027F"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.1.3","matchCriteriaId":"619C9169-030E-4DFA-980B-579C7BEE92EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2.0","versionEndExcluding":"8.2.5","matchCriteriaId":"19D84658-E0FE-46A1-8632-E82A617B424C"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"8.3.0","versionEndExcluding":"8.3.4","matchCriteriaId":"9CCF9D19-3053-4B57-AE4F-462F26CB7488"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:8.4.0:*:*:*:*:*:*:*","matchCriteriaId":"D45212C3-E178-40D9-B3EF-2738A879A345"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.10","versionEndExcluding":"7.6.16","matchCriteriaId":"1099688C-6260-4216-83C9-29ED1347FC9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*","versionStartIncluding":"7.7.0","versionEndExcluding":"7.13.8","matchCriteriaId":"03E27B59-BCEA-433E-94AF-81125454834F"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.1.3","matchCriteriaId":"0AE27B6F-A8A0-4083-8F80-60D3AD0DBAB5"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*","versionStartIncluding":"8.2.0","versionEndExcluding":"8.2.5","matchCriteriaId":"221A13F3-D7C3-4F70-B6C6-375B77153C6E"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*","versionStartIncluding":"8.3.0","versionEndExcluding":"8.3.4","matchCriteriaId":"A0D36CAF-2183-4989-BB31-6EFA15AD6372"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_data_center:8.4.0:*:*:*:*:*:*:*","matchCriteriaId":"93D2C7F2-FA9A-471B-8B98-F4089E68ABA7"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/154611/Jira-Server-Data-Center-Template-Injection.html","source":"security@atlassian.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://jira.atlassian.com/browse/JRASERVER-69933","source":"security@atlassian.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Sep/42","source":"security@atlassian.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/154611/Jira-Server-Data-Center-Template-Injection.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://jira.atlassian.com/browse/JRASERVER-69933","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Sep/42","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}