What is CVE-2019-20409?

CVE-2019-20409 is a critical-severity vulnerability in Atlassian Jira, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 9.8/10. Published 2020-06-23.

How severe is CVE-2019-20409?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Atlassian Jira

CVE-2019-20409

The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerabilit…

EPSS: 0.025 (82.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Atlassian Jira
Atlassian Jira Server — versions unspecified
Atlassian Jira_software_data_center

Weakness classification (CWE)

CWE-74 — Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)

References

security@atlassian.com (x_refsource_MISC, Issue Tracking, Vendor Advisory)

Frequently asked questions

What is CVE-2019-20409?: CVE-2019-20409 is a critical-severity vulnerability in Atlassian Jira, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 9.8/10. Published 2020-06-23.
How severe is CVE-2019-20409?: Critical severity. CVSS v3 base score is 9.8 out of 10.