Lucene search
AtlassianCVELIST:CVE-2019-15003HistoryNov 07, 2019 - 12:00 a.m.
CVE-2019-15003
2019-11-0700:00:00
atlassian
www.cve.org
The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the ‘Anyone can email the service desk or raise a request in the portal’ setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
CNA Affected
[
{
"product": "Jira Service Desk Server",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "3.9.17",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "3.10.0",
"versionType": "custom"
},
{
"lessThan": "3.16.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThan": "4.2.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.3.0",
"versionType": "custom"
},
{
"lessThan": "4.3.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.4.0",
"versionType": "custom"
},
{
"lessThan": "4.4.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.5.0",
"versionType": "custom"
},
{
"lessThan": "4.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Jira Service Desk Data Center",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "3.9.17",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "3.10.0",
"versionType": "custom"
},
{
"lessThan": "3.16.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThan": "4.2.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.3.0",
"versionType": "custom"
},
{
"lessThan": "4.3.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.4.0",
"versionType": "custom"
},
{
"lessThan": "4.4.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "4.5.0",
"versionType": "custom"
},
{
"lessThan": "4.5.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
prion
prion
Authorization
2019-11-07 04:15:00
cve
cve
CVE-2019-15003
2019-11-07 04:15:10
nvd
nvd
CVE-2019-15003
2019-11-07 04:15:10
symantec
symantec
atlassian
atlassian
URL path traversal allows information disclosure - CVE-2019-15004
2019-10-11 03:12:10
Authorization bypass allows information disclosure - CVE-2019-15003
2019-10-11 03:21:44
URL path traversal allows information disclosure - CVE-2019-15004
2019-10-11 03:12:10