Authorization

🗓️ 08 Nov 2019 04:15:00Reported by PRIOn knowledge baseType

The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2

Reporter	Title	Published	Views	Family All 22
Atlassian	Improper Authorization in Bambooo through ATST Plugin - CVE-2019-15005	26 Sep 201916:19	–	atlassian
Atlassian	Improper Authorization in Bitbucket Server through ATST Plugin - CVE-2019-15005	12 Sep 201920:01	–	atlassian
Atlassian	Improper Authorization in Confluence Server through ATST Plugin - CVE-2019-15005	25 Sep 201921:43	–	atlassian
Atlassian	Improper Authorization in Crowd through ATST Plugin - CVE-2019-15005	26 Sep 201916:06	–	atlassian
Atlassian	Improper Authorization in Fisheye & Crucible through ATST Plugin - CVE-2019-15005	26 Sep 201916:13	–	atlassian
Atlassian	Improper Authorization in Jira Server through ATST Plugin - CVE-2019-15005	25 Sep 201921:26	–	atlassian
Atlassian	Improper Authorization in Bambooo through ATST Plugin - CVE-2019-15005	26 Sep 201916:19	–	atlassian
Atlassian	Improper Authorization in Bitbucket Server through ATST Plugin - CVE-2019-15005	12 Sep 201920:01	–	atlassian
Atlassian	Improper Authorization in Confluence Server through ATST Plugin - CVE-2019-15005	25 Sep 201921:43	–	atlassian
Atlassian	Improper Authorization in Crowd through ATST Plugin - CVE-2019-15005	26 Sep 201916:06	–	atlassian

Source	Link
jira	www.jira.atlassian.com/browse/BAM-20647
herolab	www.herolab.usd.de/security-advisories/usd-2019-0016/

14 Nov 2019 21:15Current

4.3Medium risk

Vulners AI Score4.3

EPSS0.00215