CVE-2020-14188

CRITICAL

Atlassian gajira-create <2.0.1 - RCE

Title source: llm

Description

The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue.

References (1)

[Third Party Advisory] https://github.com/atlassian/gajira-create/security/advisories/GHSA-4xqx-pqpj-9fqw

Scores

CVSS v3 9.8

EPSS 0.0214

EPSS Percentile 83.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

Status published

Affected Products (2)

atlassian/jira_create < 2.0.1

GitHub Actions/atlassian/gajira-create < 2.0.1GitHub Actions

Timeline

Published Nov 09, 2020

Tracked Since Feb 18, 2026