Path Traversal Vulnerability in Atlassian Jira Service Desk Server and Data Center
CVE-2019-14994

7.5HIGH

Key Information:

Vendor
Atlassian
Status
Jira Service Desk Server
Jira Service Desk Data Center
Vendor
CVE Published:
19 September 2019

Summary

The Customer Context Filter in Atlassian Jira Service Desk Server and Data Center prior to specific versions is susceptible to a path traversal vulnerability. This flaw allows remote attackers, who gain portal access, to view sensitive issues in Jira Service Desk projects. If the setting 'Anyone can email the service desk or raise a request in the portal' is enabled, attackers can exploit this vulnerability to escalate their privileges and access confidential information. This presents significant security risks, necessitating prompt updates and mitigation measures.

Affected Version(s)

Jira Service Desk Data Center < 3.9.16

Jira Service Desk Data Center 3.10.0

Jira Service Desk Data Center < 3.16.8

References

https://jira.atlassian.com/browse/JSDSERVER-6517
x_refsource_MISC
https://seclists.org/bugtraq/2019/Sep/39
mailing-listx_refsource_BUGTRAQ
http://packetstormsecurity.com/files/154574/Jira-Service-...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.