nuclei-templates/cves/2019/CVE-2019-11581.yaml

id: CVE-2019-11581

info:
  name: Atlassian Jira template injection
  description: There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.
  author: ree4pwn
  severity: critical
  reference: https://github.com/jas502n/CVE-2019-11581
  tags: cve,cve2019,atlassian,jira,ssti,rce
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.80
    cve-id: CVE-2019-11581
    cwe-id: CWE-74

requests:
  - method: GET
    path:
      - "{{BaseURL}}/secure/ContactAdministrators!default.jspa"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "\\(v4\\.4\\."
          - "\\(v5\\."
          - "\\(v6\\."
          - "\\(v7\\.[012345789]\\."
          - "\\(v7\\.1[0-2]\\."
          - "\\(v7\\.6\\.([0-9]|[1][0-3])"
          - "\\(v7\\.\\13\\.[0-4]"
          - "\\(v8\\.0\\.[0-2]"
          - "\\(v8\\.1\\.[0-1]"
          - "\\(v8\\.2\\.[0-2]"
        condition: or
        part: body

      - type: word
        words:
          - "Contact Site Administrators"
        part: body

      - type: word
        words:
          - "has not yet configured this contact form"
        part: body
        negative: true
Update and rename cve-2019-11581.yaml to CVE-2019-11581.yaml 2020-12-05 08:53:14 +00:00			`id: CVE-2019-11581`
cve-2019-11581 Jira template injection 2020-12-05 08:51:54 +00:00
			`info:`
			`name: Atlassian Jira template injection`
			`description: There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.`
			`author: ree4pwn`
Update CVE-2019-11581.yaml Fix syntax error 2020-12-05 09:00:05 +00:00			`severity: critical`
misc changes 2020-12-06 09:32:10 +00:00			`reference: https://github.com/jas502n/CVE-2019-11581`
Added tags to cves :sunglasses: (#813) * Added tags to cves :sunglasses: 2021-02-05 19:44:41 +00:00			`tags: cve,cve2019,atlassian,jira,ssti,rce`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`classification:`
			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
			`cvss-score: 9.80`
			`cve-id: CVE-2019-11581`
			`cwe-id: CWE-74`
cve-2019-11581 Jira template injection 2020-12-05 08:51:54 +00:00
			`requests:`
			`- method: GET`
Update CVE-2019-11581.yaml 2020-12-05 09:21:28 +00:00			`path:`
cve-2019-11581 Jira template injection 2020-12-05 08:51:54 +00:00			`- "{{BaseURL}}/secure/ContactAdministrators!default.jspa"`
Improving matchers 2020-12-06 09:42:32 +00:00
			`matchers-condition: and`
cve-2019-11581 Jira template injection 2020-12-05 08:51:54 +00:00			`matchers:`
			`- type: regex`
			`regex:`
			`- "\\(v4\\.4\\."`
			`- "\\(v5\\."`
			`- "\\(v6\\."`
			`- "\\(v7\\.[012345789]\\."`
			`- "\\(v7\\.1[0-2]\\."`
			`- "\\(v7\\.6\\.([0-9]\|[1][0-3])"`
			`- "\\(v7\\.\\13\\.[0-4]"`
			`- "\\(v8\\.0\\.[0-2]"`
			`- "\\(v8\\.1\\.[0-1]"`
			`- "\\(v8\\.2\\.[0-2]"`
			`condition: or`
Improving matchers 2020-12-06 09:42:32 +00:00			`part: body`

			`- type: word`
			`words:`
			`- "Contact Site Administrators"`
Check if contact form is active 2021-02-24 13:26:43 +00:00			`part: body`

			`- type: word`
			`words:`
			`- "has not yet configured this contact form"`
			`part: body`
			`negative: true`