Description

Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The affected versions are those before version 7.1.15.

Remediation

References

CVE-2020-14193

Related Vulnerabilities

Joomla Improper Input Validation Vulnerability (CVE-2015-8562)

WordPress Plugin Post Lists View Custom Cross-Site Scripting (1.7.1)

Perl Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-6329)

Plone CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-32633)

Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-26595)

Severity

Medium

Classification

CVE-2020-14193 CWE-138

Tags

Missing Update Known Vulnerabilities