CVE-2019-11581: Critical Template Injection Vulnerability in Atlassian Jira Server and Data Center

Satnam Narang

Vulnerability introduced nearly eight years ago could lead to remote code execution on vulnerable Jira Server and Data Center systems.

Background

On July 10, Atlassian published Security Advisory 2019-07-10 to address a critical vulnerability in Jira Server and Jira Data Center. Jira Server manages and controls Atlassian’s Jira ticketing system, while Jira Data Center lets administrators handle business-wide management and scalability of Jira Servers.

Analysis

CVE-2019-11581 is a server-side template injection vulnerability in “various resources” of Jira Server and Data Center. According to the advisory, the vulnerability was introduced in version 4.4.0, which was released in August 2011, making this vulnerability nearly eight years old.

The template injection vulnerability exists within the ContactAdministrators and SendBulkMail actions in Jira Server and Data Center. However, in order to exploit the vulnerability, an SMTP server needs to be configured, and either the Contact Administrators Form needs to be enabled (unauthenticated attack), or the attacker has “JIRA Administrators” access (authenticated attack). Exploitation of this vulnerability would grant an attacker the ability to remotely execute code on the vulnerable Jira system.

Proof of concept

At the time of publishing, there was no proof of concept (PoC) available. However, similar to what transpired following the Atlassian advisory for the Confluence Widget Connector vulnerabilities (CVE-2019-3395, CVE-2019-3396) in March 2019, we anticipate that PoCs will emerge in the near future.

Solution

As noted in the Analysis section, CVE-2019-11581 was introduced in Jira Server and Data Center version 4.4.0. The patched versions that address this vulnerability include 8.0.3, 8.1.2, 8.2.3 and Enterprise releases 7.6.14 and 7.13.5. The following table lists the vulnerable versions and associated fixed versions.

| Affected Version | Fixed Version |
|---|---|
| 4.4.x | 7.6.14, 7.13.5, 8.0.3, 8.1.2, 8.2.3 |
| 5.x.x | 7.6.14, 7.13.5, 8.0.3, 8.1.2, 8.2.3 |
| 6.x.x | 7.6.14, 7.13.5, 8.0.3, 8.1.2, 8.2.3 |
| 7.0.x | 7.6.14, 7.13.5, 8.0.3, 8.1.2, 8.2.3 |
| 7.1.x | 7.6.14, 7.13.5, 8.0.3, 8.1.2, 8.2.3 |
| 7.2.x | 7.6.14, 7.13.5, 8.0.3, 8.1.2, 8.2.3 |
| 7.3.x | 7.6.14, 7.13.5, 8.0.3, 8.1.2, 8.2.3 |
| 7.4.x | 7.6.14, 7.13.5, 8.0.3, 8.1.2, 8.2.3 |
| 7.5.x | 7.6.14, 7.13.5, 8.0.3, 8.1.2, 8.2.3 |
| 7.6.x before 7.6.14 | 7.6.14, 7.13.5 (Enterprise Releases) |
| 7.7.x | 7.13.5, 8.0.3, 8.1.2, 8.2.3 |
| 7.8.x | 7.13.5, 8.0.3, 8.1.2, 8.2.3 |
| 7.9.x | 7.13.5, 8.0.3, 8.1.2, 8.2.3 |
| 7.10.x | 7.13.5, 8.0.3, 8.1.2, 8.2.3 |
| 7.11.x | 7.13.5, 8.0.3, 8.1.2, 8.2.3 |
| 7.12.x | 7.13.5, 8.0.3, 8.1.2, 8.2.3 |
| 7.13.x before 7.13.5 | 7.13.5 (Enterprise Release) |
| 8.0.x before 8.0.3 | 8.0.3 |
| 8.1.x before 8.1.2 | 8.1.2 |
| 8.2.x before 8.2.3 | 8.2.3 |
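As an added example (not code from Atlassian or from the original post), the version table above and the exploitation preconditions from the Analysis section can be combined into an inventory triage check. The inventory records, their field names and the hostnames are assumptions constructed for illustration; releases newer than 8.2.x are reported as "not in table" because this page does not list them.

```python
import re

# Per-branch fixed releases from the table; other affected branches have no in-branch fix.
BRANCH_FIX = {(7, 6): (7, 6, 14), (7, 13): (7, 13, 5), (8, 0): (8, 0, 3),
              (8, 1): (8, 1, 2), (8, 2): (8, 2, 3)}
INTRODUCED = (4, 4, 0)

def parse(version):
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Jira version: {version!r}")
    return tuple(int(g) for g in m.groups(default="0"))

def version_status(version):
    v = parse(version)
    if v < INTRODUCED:
        return "not affected"           # predates 4.4.0
    if v[:2] > max(BRANCH_FIX):
        return "not in table"           # newer than the releases this page lists
    fix = BRANCH_FIX.get(v[:2])
    return "fixed" if fix and v >= fix else "affected"

def upgrade_targets(version):
    v = parse(version)
    if version_status(version) != "affected":
        return []
    if v[:2] == (7, 6):                 # table lists Enterprise releases only
        fixes = [(7, 6, 14), (7, 13, 5)]
    else:                               # own-branch fix, else every later fix
        own = BRANCH_FIX.get(v[:2])
        fixes = [own] if own else [f for f in sorted(BRANCH_FIX.values()) if f > v]
    return [".".join(map(str, f)) for f in fixes]

def triage(inst):
    status = version_status(inst["version"])
    if status != "affected":
        return status
    if not inst["smtp_configured"]:     # SMTP is required for either attack path
        return "affected: SMTP precondition not met"
    path = "unauthenticated" if inst["contact_admin_form"] else "JIRA Administrators only"
    return f"affected: {path} path"

INVENTORY = [  # constructed sample; hosts and field names are hypothetical
    {"host": "jira-a.example", "version": "7.12.3", "smtp_configured": True, "contact_admin_form": True},
    {"host": "jira-b.example", "version": "8.2.3", "smtp_configured": True, "contact_admin_form": False},
]
if __name__ == "__main__":
    for inst in INVENTORY:
        print(inst["host"], inst["version"], triage(inst), upgrade_targets(inst["version"]))
```

An instance reported with the SMTP precondition not met still runs a vulnerable release and belongs in the upgrade queue.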

Atlassian also advises that customers who have installed Jira Service Desk version 3.0.0 before 4.2.3 may be affected by this vulnerability. They have provided a compatibility matrix to help identify whether or not the Jira Service Desk version is affected.

Atlassian also notes that Jira Cloud customers are not affected by this vulnerability.

If upgrading to a patched version of Jira Server or Data Center is not currently feasible, Atlassian recommends the following temporary workarounds:

Identifying affected systems

A list of Tenable plugins to identify this vulnerability will appear here as they’re released.

Additionally, Atlassian has provided a support document to help identify if an attacker has compromised a Jira instance using CVE-2019-11581.

Get more information

Join Tenable's Security Response Team on the Tenable Community.

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.

Get a free 60-day trial of Tenable.io.

Published on Jul 11, 2019
