An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability.
References
| Link | Resource |
|---|---|
| https://confluence.atlassian.com/jira/jira-server-for-slack-security-advisory-17th-february-2021-1044091690.html | Patch Vendor Advisory |
Configurations
History
17 Feb 2022, 14:12
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:atlassian:jira_server_for_slack:*:*:*:*:*:*:*:* | |
| First Time |
Atlassian jira Server For Slack
|
26 Feb 2021, 17:11
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://confluence.atlassian.com/jira/jira-server-for-slack-security-advisory-17th-february-2021-1044091690.html - Patch, Vendor Advisory | |
| CPE | cpe:2.3:a:atlassian:jira:*:*:*:*:*:slack:*:* | |
| CWE | CWE-74 | |
| CVSS |
v2 : v3 : |
v2 : 9.0
v3 : 8.8 |
22 Feb 2021, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-02-22 21:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-26068
Mitre link : CVE-2021-26068
CVE.ORG link : CVE-2021-26068
JSON object : View
Products Affected
atlassian
- jira_server_for_slack
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')