CVE-2021-26068
HIGHAtlassian Jira Server for Slack 0.0.3-2.0.14 - Remote Code Execution via Template Injection
Title source: llmDescription
An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://confluence.atlassian.com/jira/jira-server-for-slack-security-advisory-17th-february-2021-1044091690.html
Scores
CVSS v3
8.8
EPSS
0.0434
EPSS Percentile
89.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-74
Status
published
Products (1)
atlassian/jira_server_for_slack
0.0.3 - 2.0.15
Published
Feb 22, 2021
Tracked Since
Feb 18, 2026