Authorization Bypass Vulnerability in Atlassian Jira Service Desk Products
CVE-2019-15003

5.3 MEDIUM

Key Information:

Vendor: Atlassian
CVE Published: 7 November 2019

Summary

An authorization bypass vulnerability in Atlassian Jira Service Desk Server and Data Center allows remote attackers with portal access to gain unauthorized visibility into arbitrary issues within Jira Service Desk projects. The vulnerability can be triggered if the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, because that setting facilitates an unauthorized granting of portal access. Appropriate measures should be taken to mitigate this vulnerability and protect sensitive project information.

Affected Version(s)

Jira Service Desk Data Center < 3.9.17

Jira Service Desk Data Center 3.10.0

Jira Service Desk Data Center < 3.16.10

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
