.. / CVE-2019-11581

Exploit for Atlassian Jira Server-Side Template Injection (CVE-2019-11581)

Description:

Jira Server and Data Center is susceptible to a server-side template injection vulnerability via the ContactAdministrators and SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.

Nuclei Template

View the template here CVE-2019-11581.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-11581.yaml

References:

https://github.com/jas502n/CVE-2019-11581
https://github.com/0x48piraj/jiraffe
https://nvd.nist.gov/vuln/detail/CVE-2019-11581
https://github.com/bakery312/Vulhub-Reproduce
https://jira.atlassian.com/browse/JRASERVER-69532

.. / CVE-2019-11581 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Atlassian Jira Server-Side Template Injection (CVE-2019-11581)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2019-11581