Improper Authorization in Jira Server through ATST Plugin - CVE-2019-15005

2019-09-25T21:26:58
ID ATLASSIAN:JSWSERVER-20255
Type atlassian
Reporter security-metrics-bot
Modified 2019-12-10T03:24:03

Description

The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2 which was used in Jira Server & Jira Data Center before version 8.3.2, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into.