CVE-2022-36799— Atlassian Jira和Atlassian JIRA Data Center 代码注入漏洞

N/A

This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. In this case the security improvement was to protect against using the XStream library to be able to execute arbitrary code in velocity templates. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.7, and from version 8.21.0 before 8.22.1.

N/A

N/A

Atlassian Jira和Atlassian JIRA Data Center 代码注入漏洞

Atlassian Jira和Atlassian JIRA Data Center都是澳大利亚Atlassian公司的产品。Atlassian Jira是一套缺陷跟踪管理系统。该系统主要用于对工作中各类问题、缺陷进行跟踪管理。Atlassian JIRA Data Center是Atlassian JIRA的数据中心版本。 Atlassian Jira Server和Data Center 8.13.19之前的版本，从8.14.0开始至8.20.7之前的版本，从8.21.0开始至8.22.1之前的版本存在

N/A

N/A