Talos IntelligenceTALOS-2019-0838Atlassian Jira Tempo plugin issue summary information disclosure vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
24.8%
Summary
An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin.
Tested Versions
Atlassian Jira 7.6.4 Atlassian Jira Tempo Core system plugin 4.10.0
Product URLs
<https://www.atlassian.com/software/jira>
CVSSv3 Score
4.3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE
CWE-862 - Missing Authorization
Details
An attacker can use this vector to view the summary of arbitrary issues. In order for the exploit to run successfully, the user must have a valid session. This does not display any actual time information collected by the tempo plugin.
Exploit Proof-of-Concept
With an authenticated session, submit a GET to /secure/TempoIssueBoard!timesheet.jspa?issue=<ISSUE-KEY>, replacing <ISSUE-KEY> with a valid issue key.
Timeline
2019-05-14 - Vendor Disclosure
2019-06-11 - Issued to 3rd party vendor (Tempo)
2019-06-21 - Vendor (Tempo) fixed
2019-09-16 - Public Release
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
24.8%