Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2019-15003
HistoryNov 07, 2019 - 4:15 a.m.

CVE-2019-15003

2019-11-0704:15:10
CWE-22
[email protected]
web.nvd.nist.gov
4

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.002

Percentile

60.9%

JSON

The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the ‘Anyone can email the service desk or raise a request in the portal’ setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.

Affected configurations

Nvd
Node
atlassianjira_service_deskRange<3.9.17data_center
OR
atlassianjira_service_deskRange<3.9.17server
OR
atlassianjira_service_deskRange3.10.03.16.10data_center
OR
atlassianjira_service_deskRange3.10.03.16.10server
OR
atlassianjira_service_deskRange4.0.04.2.6data_center
OR
atlassianjira_service_deskRange4.0.04.2.6server
OR
atlassianjira_service_deskRange4.3.04.3.5data_center
OR
atlassianjira_service_deskRange4.3.04.3.5server
OR
atlassianjira_service_deskRange4.4.04.4.3data_center
OR
atlassianjira_service_deskRange4.4.04.4.3server
OR
atlassianjira_service_deskRange4.5.04.5.1data_center
OR
atlassianjira_service_deskRange4.5.04.5.1server
VendorProductVersionCPE
atlassianjira_service_desk*cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:data_center:*:*:*
atlassianjira_service_desk*cpe:2.3:a:atlassian:jira_service_desk:*:*:*:*:server:*:*:*

Related

prion 1
cvelist 1
cve 1
symantec 1
atlassian 4
prion
prion
Authorization
2019-11-07 04:15:00
cvelist
cvelist
CVE-2019-15003
2019-11-07 03:35:38
cve
cve
CVE-2019-15003
2019-11-07 04:15:10
symantec
symantec
Atlassian Jira Service Desk Server and Data Center Multiple Security Vulnerabilities
2019-11-06 00:00:00
atlassian
atlassian
URL path traversal allows information disclosure - CVE-2019-15004
2019-10-11 03:12:10
URL path traversal allows information disclosure - CVE-2019-15004
2019-10-11 03:12:10
Authorization bypass allows information disclosure - CVE-2019-15003
2019-10-11 03:21:44

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.3

Confidence

High

EPSS

0.002

Percentile

60.9%

JSON
Related for NVD:CVE-2019-15003
prion1cvelist1cve1symantec1atlassian4