Authorization Bypass Vulnerability in Atlassian Jira Service Desk Products
CVE-2019-15003
5.3 MEDIUM
Key Information:
- Vendor: Atlassian
- CVE Published: 7 November 2019
What is CVE-2019-15003?
An authorization bypass vulnerability exists in Atlassian Jira Service Desk Server and Data Center. It allows remote attackers with portal access to view arbitrary issues within Jira Service Desk projects without authorization. The vulnerability can be triggered if the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, because that setting facilitates an unauthorized granting of portal access. Appropriate measures should be taken to mitigate this vulnerability and protect sensitive project information.
Affected Version(s)
Jira Service Desk Data Center < 3.9.17
Jira Service Desk Data Center 3.10.0
Jira Service Desk Data Center < 3.16.10