{"id":9059,"date":"2019-07-29T07:13:44","date_gmt":"2019-07-29T07:13:44","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=9059"},"modified":"2026-04-17T18:07:52","modified_gmt":"2026-04-17T18:07:52","slug":"atlassian-jira-unauthorized-template-injection-vulnerability-cve-2019-11581-threat-alert","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/atlassian-jira-unauthorized-template-injection-vulnerability-cve-2019-11581-threat-alert\/","title":{"rendered":"Atlassian Jira Unauthorized Template Injection Vulnerability (CVE-2019-11581) Threat Alert"},"content":{"rendered":"<p><!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD HTML 4.0 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/REC-html40\/loose.dtd\"><br \/>\n<html><body><\/p>\n<h2><strong>1 Vulnerability Description<\/strong><\/h2>\n<p>Recently, the Jira vendor released a security advisory on a template injection vulnerability in Jira Server and Jira Data Center, which could cause remote code execution when either of the following conditions is met:<\/p>\n<ol>\n<li>An SMTP server has been configured in Jira and the Contact Administrators Form is enabled.<\/li>\n<li>An SMTP server has been configured in Jira and an attacker has &#8220;Jira Administrators&#8221; access.<\/li>\n<\/ol>\n<p><!--more--><\/p>\n<p>Jira is a project and issue tracking tool developed by Atlassian. It is widely used in such areas as bug tracking, customer service, requirement collection, process review, task tracking, project tracking, and agile management. The full-featured Jira is characterized by flexible configuration, ease of deployment, and diverse extensions. 
Considering its wide scope of application, users are advised to immediately check their installations for this vulnerability to nip the security risk in the bud.<\/p>\n<p>Reference:<\/p>\n<p>https:\/\/confluence.atlassian.com\/jira\/jira-security-advisory-2019-07-10-973486595.html<\/p>\n<h2><strong>2 Scope of Impact<\/strong><\/h2>\n<p><strong>Affected Versions<\/strong><\/p>\n<ul>\n<li>Jira 4.4.0 &lt; 7.6.14<\/li>\n<li>Jira 7.7.0 &lt; 7.13.5<\/li>\n<li>Jira 8.0.0 &lt; 8.0.3<\/li>\n<li>Jira 8.1.0 &lt; 8.1.2<\/li>\n<li>Jira 8.2.0 &lt; 8.2.3<\/li>\n<\/ul>\n<p><strong>Unaffected Versions<\/strong><\/p>\n<ul>\n<li>Jira 7.6.14<\/li>\n<li>Jira 7.13.5<\/li>\n<li>Jira 8.0.3<\/li>\n<li>Jira 8.1.2<\/li>\n<li>Jira 8.2.3<\/li>\n<\/ul>\n<h2><strong>3 Mitigation<\/strong><\/h2>\n<h3><strong>3.1 Official Fix<\/strong><\/h3>\n<p>The Jira vendor has released the latest versions to fix this vulnerability, which can be found at the links listed below.<\/p>\n<table width=\"529\">\n<thead>\n<tr>\n<td width=\"95\">Version<\/td>\n<td width=\"454\">Download Link<\/td>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td width=\"95\">7.6.14<\/td>\n<td width=\"454\">https:\/\/marketplace.atlassian.com\/download\/apps\/1213607\/version\/706014<\/td>\n<\/tr>\n<tr>\n<td width=\"95\">7.13.5<\/td>\n<td width=\"454\">https:\/\/marketplace.atlassian.com\/download\/apps\/1213607\/version\/713005<\/td>\n<\/tr>\n<tr>\n<td width=\"95\">8.0.3<\/td>\n<td width=\"454\">https:\/\/marketplace.atlassian.com\/download\/apps\/1213607\/version\/800003<\/td>\n<\/tr>\n<tr>\n<td width=\"95\">8.1.2<\/td>\n<td width=\"454\">https:\/\/marketplace.atlassian.com\/download\/apps\/1213607\/version\/801002<\/td>\n<\/tr>\n<tr>\n<td width=\"95\">8.2.3<\/td>\n<td width=\"454\">https:\/\/marketplace.atlassian.com\/download\/apps\/1213607\/version\/802003<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<h3><strong>3.2 Workaround<\/strong><\/h3>\n<p>Users who cannot immediately upgrade Jira can use the following temporary 
workaround:<\/p>\n<ol>\n<li>Disable the Contact Administrators Form:\n<ul>\n<li>Click and select <strong>System<\/strong>.<\/li>\n<li>Select General Configuration.<\/li>\n<li>Click Edit Settings.<\/li>\n<li>Scroll down to the Contact Administrators Form and set it to <strong>OFF<\/strong>.<\/li>\n<\/ul>\n<\/li>\n<li>Block access to the \/secure\/admin\/SendBulkMail!default.jspa endpoint.<\/li>\n<\/ol>\n<h2><strong>4 Technical Analysis<\/strong><\/h2>\n<p>First, a payload is crafted to generate an email.<\/p>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-1.jpg\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full wp-image-9060\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-1.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"690\" height=\"327\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-1.jpg 690w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-1-300x142.jpg 300w\" sizes=\"(max-width: 690px) 100vw, 690px\" \/><\/a><\/p>\n<p>The posted data reaches the setActionProperty() method of the JiraSafeActionParameterSetter class.<\/p>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-2.jpg\"><img decoding=\"async\" class=\"alignnone size-full wp-image-9061\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-2.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"697\" height=\"449\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-2.jpg 697w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-2-300x193.jpg 300w\" sizes=\"(max-width: 697px) 100vw, 697px\" \/><\/a><\/p>\n<p>The ContactAdministrators.setSubject() method is reflectively invoked to set the subject attribute of the ContactAdministrators object to the passed-in content.
Then ContactAdministrators.doExecute() invokes the send() method, which finds the activated administrators in the system and then sends the email to such an administrator via this.sendTo(administrator).<\/p>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-3.jpg\"><img decoding=\"async\" class=\"alignnone size-full wp-image-9062\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-3.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"996\" height=\"235\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-3.jpg 996w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-3-300x71.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-3-768x181.jpg 768w\" sizes=\"(max-width: 996px) 100vw, 996px\" \/><\/a><\/p>\n<p>In the sendTo() process, Jira creates an email queue object with the EmailBuilder() method and then puts the object in the email sending queue. Because of the queue wait time, the payload is triggered only after a delay. If the email fails to be sent, the system attempts to send it again, so the payload can be triggered multiple times.<\/p>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-4.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-9063\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-4.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"927\" height=\"235\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-4.jpg 927w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-4-300x76.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-4-768x195.jpg 768w\" sizes=\"(max-width: 927px) 100vw, 927px\" \/><\/a><\/p>\n<p>The method for creating a queue takes some time to explain.
Simply put, it works like this: MailQueueItem item = (<strong>new<\/strong> EmailBuilder()).withSubject(<strong>this<\/strong>.subject).withBodyFromFile().addParameters().renderLater();<\/p>\n<p>The withSubject() method of EmailBuilder is used to create a TemplateSources$fragment object. The parameter is the payload previously passed in. Then the renderLater() method is invoked to create an EmailBuilder object, which, as a parameter, is then passed to the RenderingMailQueueItem class (its inheritance relationship is shown in the following figure). Finally, a MailQueueItem object is created and put in the email sending queue.<\/p>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-5.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-9064\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-5.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"447\" height=\"563\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-5.jpg 447w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-5-238x300.jpg 238w\" sizes=\"(max-width: 447px) 100vw, 447px\" \/><\/a><\/p>\n<p>After we inject the payload into a template, the email enters the to-be-sent queue. In Jira, the process of handling email queues is as follows:<\/p>\n<p>Use the templating engine (getTemplatingEngine) to generate a Velocity template and use the applying() method to generate a RenderRequest object. For different <em>source<\/em> (member variable) types of objects, different methods are invoked to parse the template. The vulnerability in question stems from this difference. 
The following is a detailed analysis of this process.<\/p>\n<p>First, the RenderingMailQueueItem().send() method invokes the this.emailRenderer.render() method, and then this.getTemplatingEngine().render(this.subjectTemplate).applying(contextParams).asPlainText() is invoked.<\/p>\n<p>In this process, the templating engine (VelocityTemplatingEngine) is obtained first and the subject template (here, the payload data) is passed to it; the applying() method then creates a VelocityContext object, and the payload is populated into the member variable <em>source<\/em>.<\/p>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-6.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-9065\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-6.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"714\" height=\"294\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-6.jpg 714w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-6-300x124.jpg 300w\" sizes=\"(max-width: 714px) 100vw, 714px\" \/><\/a><\/p>\n<p>Subsequently, the with() method of the abstract class StringRepresentation is overridden, and the override invokes the asPlainText method:<\/p>\n<p><em>DefaultRenderRequest.this.asPlainText(sw)<\/em><\/p>\n<p>The function of asPlainText() is to parse templates using the Velocity templating engine. The invocation chain is as follows:<\/p>\n<p>toWriterImpl()-&gt;writeEncodedBodyForContent()-&gt;evaluate()<\/p>\n<p>In the evaluate() method, an AST structure is generated.
Then the passed-in payload is reflectively invoked to complete code execution.<\/p>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-7.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-9066\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-7.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"758\" height=\"211\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-7.jpg 758w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-7-300x84.jpg 300w\" sizes=\"(max-width: 758px) 100vw, 758px\" \/><\/a><\/p>\n<p>The invocation stack after asPlainText() is as follows:<\/p>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-8.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-9067\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-8.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"706\" height=\"365\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-8.jpg 706w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-8-300x155.jpg 300w\" sizes=\"(max-width: 706px) 100vw, 706px\" \/><\/a><\/p>\n<p>After the Object template is processed, the send() method of the parent class SingleMailQueueItem is invoked to send the email via smtpMailServer.sendWithMessageId(). Because of improper configuration, the SMTP server will throw an exception. However, the vulnerability has already been triggered before connection to the SMTP server. 
The MailQueue execution process is also visible in the console.<\/p>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-9.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-9068\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-9.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"943\" height=\"326\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-9.jpg 943w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-9-300x104.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-9-768x266.jpg 768w\" sizes=\"(max-width: 943px) 100vw, 943px\" \/><\/a><\/p>\n<p>That is the complete exploitation process. However, one critical question remains open: why is the email subject parsed into an AST structure and finally executed? Under the normal feedback-sending logic, the subject of an email (a string) does not need to be parsed into an AST. What caused this variance?<\/p>\n<p>Let&#8217;s walk through the process again by sending a normal &#8220;contact administrators&#8221; email.<\/p>\n<p><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-10.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-9069\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-10.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" width=\"914\" height=\"755\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-10.jpg 914w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-10-300x248.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/07\/0729-10-768x634.jpg 768w\" sizes=\"(max-width: 914px) 100vw, 914px\" \/><\/a><\/p>\n<p>When normal feedback is sent, this.getVe().mergeTemplate is invoked in writeEncodedBody().
The template file (templates\/email\/html\/contactadministrator.vm) is loaded via the getResourceStream() method of the ClasspathResourceLoader class of the Velocity engine. Subsequently, the header and footer are loaded as expected. Finally, the entire page is rendered. In contrast, when the payload is sent, the TemplateSource$Fragment object is created via asPlainText(), and this Fragment object is populated into <em>source<\/em> via the DefaultRenderRequest method. This is where the two paths first diverge: this.getVe().evaluate() is invoked, and finally ASTMethod.execute() is invoked. This different processing logic is caused by the variance mentioned earlier.<\/p>\n<p>Let&#8217;s look back at the general Velocity rendering process: the Velocity rendering engine first loads a template file into memory, then parses the file into an AST structure and initializes each node in the AST. When the same template file needs to be loaded later and the cache is enabled, the template is returned directly. Using cached resources in this way reduces the overhead of loading files from disk and parsing them into an AST again.<\/p>\n<p>The ASTMethod.execute() method is originally designed to complete normal template rendering actions, such as obtaining the background color, text content, and page code, via reflective invocation while Velocity parses templates. However, via carefully crafted data, an attacker ingeniously exploits this vulnerability to have java.lang.Runtime.getRuntime executed via reflective invocation, leading to command execution.<\/p>\n<h2><strong>Appendix<\/strong><\/h2>\n<ul>\n<li>\n<h3><strong>Statement<\/strong><\/h3>\n<\/li>\n<\/ul>\n<p>This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and\/or indirect consequences and losses caused by transmitting and\/or using this advisory.
NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add\/delete any information to\/from it, or use this advisory for commercial purposes without permission from NSFOCUS.<\/p>\n<ul>\n<li>\n<h3><strong>About NSFOCUS<\/strong><\/h3>\n<\/li>\n<\/ul>\n<p>NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company&#8217;s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.<\/p>\n<p>NSFOCUS works with Fortune Global 500 companies, including four of the world&#8217;s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).<\/p>\n<p>A wholly owned subsidiary of NSFOCUS Information Technology Co. Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.<\/body><\/html><\/p>\n","protected":false},"excerpt":{"rendered":"<p>1 Vulnerability Description Recently, the Jira vendor released a security advisory on a template injection vulnerability in Jira Server and Jira Data Center, which could cause remote code execution when either of the following conditions is met: An SMTP server has been configured in Jira and the Contact Administrators Form is enabled. 
An SMTP server [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":8765,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","categories":[6],"tags":[103]}