CVE-2019-14994

Summary

The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.

Affected Software

VendorProductVersion RangeStatus
AtlassianJira Service Desk Serverunspecified < 3.9.16affected
AtlassianJira Service Desk Server3.10.0 < unspecifiedaffected
AtlassianJira Service Desk Serverunspecified < 3.16.8affected
AtlassianJira Service Desk Server4.0.0 < unspecifiedaffected
AtlassianJira Service Desk Serverunspecified < 4.1.3affected
AtlassianJira Service Desk Server4.2.0 < unspecifiedaffected
AtlassianJira Service Desk Serverunspecified < 4.2.5affected
AtlassianJira Service Desk Server4.3.0 < unspecifiedaffected
AtlassianJira Service Desk Serverunspecified < 4.3.4affected
AtlassianJira Service Desk Server4.4.0affected
AtlassianJira Service Desk Data Centerunspecified < 3.9.16affected
AtlassianJira Service Desk Data Center3.10.0 < unspecifiedaffected
AtlassianJira Service Desk Data Centerunspecified < 3.16.8affected
AtlassianJira Service Desk Data Center4.0.0 < unspecifiedaffected
AtlassianJira Service Desk Data Centerunspecified < 4.1.3affected
AtlassianJira Service Desk Data Center4.2.0 < unspecifiedaffected
AtlassianJira Service Desk Data Centerunspecified < 4.2.5affected
AtlassianJira Service Desk Data Center4.3.0 < unspecifiedaffected
AtlassianJira Service Desk Data Centerunspecified < 4.3.4affected
AtlassianJira Service Desk Data Center4.4.0affected

Weaknesses

  • Path Traversal

ADP Enrichment

CVE Program Container

Additional References

References