CVE-2019-15004

Summary

The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.

Affected Software

VendorProductVersion RangeStatus
AtlassianJira Service Desk Serverunspecified < 3.9.17affected
AtlassianJira Service Desk Server3.10.0 < unspecifiedaffected
AtlassianJira Service Desk Serverunspecified < 3.16.10affected
AtlassianJira Service Desk Server4.0.0 < unspecifiedaffected
AtlassianJira Service Desk Serverunspecified < 4.2.6affected
AtlassianJira Service Desk Server4.3.0 < unspecifiedaffected
AtlassianJira Service Desk Serverunspecified < 4.3.5affected
AtlassianJira Service Desk Server4.4.0 < unspecifiedaffected
AtlassianJira Service Desk Serverunspecified < 4.4.3affected
AtlassianJira Service Desk Server4.5.0 < unspecifiedaffected
AtlassianJira Service Desk Serverunspecified < 4.5.1affected
AtlassianJira Service Desk Data Centerunspecified < 3.9.17affected
AtlassianJira Service Desk Data Center3.10.0 < unspecifiedaffected
AtlassianJira Service Desk Data Centerunspecified < 3.16.10affected
AtlassianJira Service Desk Data Center4.0.0 < unspecifiedaffected
AtlassianJira Service Desk Data Centerunspecified < 4.2.6affected
AtlassianJira Service Desk Data Center4.3.0 < unspecifiedaffected
AtlassianJira Service Desk Data Centerunspecified < 4.3.5affected
AtlassianJira Service Desk Data Center4.4.0 < unspecifiedaffected
AtlassianJira Service Desk Data Centerunspecified < 4.4.3affected
AtlassianJira Service Desk Data Center4.5.0 < unspecifiedaffected
AtlassianJira Service Desk Data Centerunspecified < 4.5.1affected

Weaknesses

  • Path Traversal

ADP Enrichment

CVE Program Container

Additional References

References