← voltar
CVE-2019-15004

CVE-2019-15004

EPSS 3.9%
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 3.9%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
07 nov 2019Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
Produtos afetados
Atlassian · Jira Service Desk Data CenterAtlassian · Jira Service Desk Server

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.htmlhttps://jira.atlassian.com/browse/JSDSERVER-6589https://seclists.org/bugtraq/2019/Nov/9