admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-439xx/CVE-2021-43947.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

126 lines
4.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-43947",
"sourceIdentifier": "security@atlassian.com",
"published": "2022-01-06T01:15:07.917",
"lastModified": "2022-03-30T13:29:49.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3."
},
{
"lang": "es",
"value": "Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos con privilegios de administrador ejecutar c\u00f3digo arbitrario por medio de una vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota (RCE) en la funcionalidad Email Templates. Este problema evita la correcci\u00f3n de https://jira.atlassian.com/browse/JSDSERVER-8665. Las versiones afectadas son anteriores a versi\u00f3n 8.13.15, y desde versi\u00f3n 8.14.0 hasta 8.20.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.13.15",
"matchCriteriaId": "2CCE06B7-9446-49F4-8B23-4544506E5143"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.13.15",
"matchCriteriaId": "EFC89A4F-566E-4CF3-962C-5F0985A2A9BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.14.0",
"versionEndExcluding": "8.20.3",
"matchCriteriaId": "BDD3421F-7C67-4A9E-BAE2-1FD74F921BB9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.14.0",
"versionEndExcluding": "8.20.3",
"matchCriteriaId": "9025C857-EC16-431D-B3F9-4F10BE17C8A4"
}
]
}
]
}
],
"references": [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-73067",
"source": "security@atlassian.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink