CVE-2019-15005

🗓️ 08 Nov 2019 03:55:12Reported by atlassianType

The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows unprivileged user to initiate log scans and send results to user-specified email. Vulnerable versions included with Bitbucket, Confluence, Jira, Crowd, Fisheye, Crucible, and Bamboo

Reporter	Title	Published	Views	Family All 22
Atlassian	Improper Authorization in Bambooo through ATST Plugin - CVE-2019-15005	26 Sep 201916:19	–	atlassian
Atlassian	Improper Authorization in Bitbucket Server through ATST Plugin - CVE-2019-15005	12 Sep 201920:01	–	atlassian
Atlassian	Improper Authorization in Confluence Server through ATST Plugin - CVE-2019-15005	25 Sep 201921:43	–	atlassian
Atlassian	Improper Authorization in Crowd through ATST Plugin - CVE-2019-15005	26 Sep 201916:06	–	atlassian
Atlassian	Improper Authorization in Fisheye & Crucible through ATST Plugin - CVE-2019-15005	26 Sep 201916:13	–	atlassian
Atlassian	Improper Authorization in Jira Server through ATST Plugin - CVE-2019-15005	25 Sep 201921:26	–	atlassian
Atlassian	Improper Authorization in Bambooo through ATST Plugin - CVE-2019-15005	26 Sep 201916:19	–	atlassian
Atlassian	Improper Authorization in Bitbucket Server through ATST Plugin - CVE-2019-15005	12 Sep 201920:01	–	atlassian
Atlassian	Improper Authorization in Confluence Server through ATST Plugin - CVE-2019-15005	25 Sep 201921:43	–	atlassian
Atlassian	Improper Authorization in Crowd through ATST Plugin - CVE-2019-15005	26 Sep 201916:06	–	atlassian

NVD

Node

atlassian troubleshooting_and_supportRange<1.17.2

Node

atlassian bambooRange<6.10.2

atlassian bitbucketRange<6.6.0

atlassian confluenceRange<7.0.1

atlassian crowdRange<3.6.0

atlassian crucibleRange<4.7.2

atlassian fisheyeRange<4.7.2

atlassian jiraRange<8.3.2

[
  {
    "product": "Bitbucket Server",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "6.6.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Jira Server",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "8.3.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Confluence Server",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "7.0.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Crowd",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "3.6.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Fisheye",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "4.7.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Crucible",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "4.7.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Bamboo",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "6.10.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
jira	www.jira.atlassian.com/browse/BAM-20647
herolab	www.herolab.usd.de/security-advisories/usd-2019-0016/

17 Jun 2026 02:19Current

4.3Medium risk

Vulners AI Score4.3

CVSS 24

CVSS 3.14.3

EPSS0.01334

CWE-862