← volver
CVE-2019-15004

CVE-2019-15004

EPSS 3.9%
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 3.9%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
07 nov 2019Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
Productos afectados
Atlassian · Jira Service Desk Data CenterAtlassian · Jira Service Desk Server

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.htmlhttps://jira.atlassian.com/browse/JSDSERVER-6589https://seclists.org/bugtraq/2019/Nov/9