vulnerability

Atlassian JIRA: Template injection in Jira Importers Plugin (CVE-2019-15001)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Sep 19, 2019	Oct 11, 2019	Aug 11, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Sep 19, 2019

Added

Oct 11, 2019

Modified

Aug 11, 2025

Description

The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request.

Solutions

atlassian-jira-upgrade-7_13_8atlassian-jira-upgrade-7_6_16atlassian-jira-upgrade-8_1_3atlassian-jira-upgrade-8_2_5atlassian-jira-upgrade-8_3_4atlassian-jira-upgrade-8_4_1

References

CVE-2019-15001
https://attackerkb.com/topics/CVE-2019-15001
CWE-94

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today