| Title | Published | Reporter |
|---|---|---|
| URL Path Traversal in Jira Service Desk Server and Jira Service Desk Data Center Allows Information Disclosure - CVE-2019-14994 | 19 Aug 2019 19:00 | atlassian |
| CVE-2019-14994 | 10 Oct 2024 22:51 | circl |
| Atlassian Jira Service Desk Server and Data Center Path Traversal (CVE-2019-14994) | 16 Oct 2019 00:00 | checkpoint_advisories |
| CVE-2019-14994 | 19 Sep 2019 14:20 | cve |
| CVE-2019-14994 | 19 Sep 2019 14:20 | cvelist |
| EUVD-2019-6082 | 7 Oct 2025 00:30 | euvd |
| Atlassian JIRA Service Desk Path Traversal Vulnerability (2019-09-18) | 30 Sep 2019 00:00 | nessus |
| Atlassian Jira Service Desk < 3.9.16 Path Traversal Vulnerability | 16 Oct 2019 00:00 | nessus |
This email refers to the advisory found at
https://confluence.atlassian.com/jira/jira-service-desk-security-advisory-2019-09-18-976171274.html
CVE ID:
* CVE-2019-14994.
Product: Jira Service Desk Server and Data Center.
Affected Jira Service Desk Server and Data Center product versions:
version < 3.9.16
3.10.0 <= version < 3.16.8
4.0.0 <= version < 4.1.3
4.2.0 <= version < 4.2.5
4.3.0 <= version < 4.3.4
4.4.0 <= version < 4.4.1
Fixed Jira Service Desk Server and Data Center product versions:
* for 3.9.x and earlier, Jira Service Desk Server and Data Center 3.9.16 has been released with a fix for this issue.
* for 3.16.x, Jira Service Desk Server and Data Center 3.16.8 has been released with a fix for this issue.
* for 4.1.x, Jira Service Desk Server and Data Center 4.1.3 has been released with a fix for this issue.
* for 4.2.x, Jira Service Desk Server and Data Center 4.2.5 has been released with a fix for this issue.
* for 4.3.x, Jira Service Desk Server and Data Center 4.3.4 has been released with a fix for this issue.
* for 4.4.x, Jira Service Desk Server and Data Center 4.4.1 has been released with a fix for this issue.
Summary:
This advisory discloses a critical severity security vulnerability. Versions of
Jira Service Desk Server and Data Center are affected by this vulnerability.
Customers who have upgraded Jira Service Desk Server and Data Center to version
3.9.16, 3.16.8, 4.1.3, 4.2.5, 4.3.4, or 4.4.1 are not affected.
Customers who have downloaded and installed affected versions of Jira Service
Desk Server and Data Center: please upgrade your Jira Service Desk Server
and Data Center installations immediately to fix this vulnerability.
URL path traversal allows information disclosure - CVE-2019-14994
Severity:
Atlassian rates the severity level of this vulnerability as critical, according
to the scale published in our Atlassian severity levels. The scale allows us to
rank the severity as critical, high, moderate or low.
This is our assessment and you should evaluate its applicability to your own IT
environment.
Description
A URL path traversal vulnerability in Jira Service Desk Server and Jira Service Desk Data Center allows a remote attacker with portal access to view all issues from all projects in the affected instance. This could include Jira Service Desk projects, Jira Core projects, and Jira Software projects. Note that when the "Anyone can email the service desk or raise a request in the portal" setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
Affected Versions
All versions prior to 3.9.16
Versions from 3.10.0 prior to 3.16.8
Versions from 4.0.0 prior to 4.1.3
Versions from 4.2.0 prior to 4.2.5
Versions from 4.3.0 prior to 4.3.4
Version 4.4.0
Workaround
* Block requests to Jira containing .. at the reverse proxy or load balancer level.
* Alternatively, configure Jira to redirect requests containing .. to a safe URL.
  Add the following to the <urlrewrite> section of
  [jira-installation-directory]/atlassian-jira/WEB-INF/urlrewrite.xml:
    <rule>
        <from>^/[^?]*\.\..*$</from>
        <to type="temporary-redirect">/</to>
    </rule>
* Restart Jira.
Refer to the Jira KB for more information on these workarounds.
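The scope of that urlrewrite rule can be checked offline before it is deployed. The following is an added example, not code from Atlassian or from the advisory: it applies the rule's own regular expression to constructed access-log lines (assumed to be in common log format; no real traffic) and reports which requests the workaround would redirect, showing that a .. in the query string is not caught while any literal .. in the path, even inside a file name, is.

```python
import re

# The regular expression from the advisory's urlrewrite workaround: a request
# whose path (the part before any '?') contains a literal ".." is redirected.
TRAVERSAL_RULE = re.compile(r"^/[^?]*\.\..*$")

# Minimal common-log-format parser: client IP, timestamp, method, request target.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+"'
)

# Constructed sample log lines (not real traffic); the ".." paths are placeholders.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Sep/2019:10:01:02 +0000] "GET /servicedesk/customer/portal/1 HTTP/1.1" 200 5120
10.0.0.5 - - [20/Sep/2019:10:01:09 +0000] "GET /servicedesk/customer/portal/1/../../README.txt HTTP/1.1" 302 0
10.0.0.7 - - [20/Sep/2019:10:02:15 +0000] "GET /browse/SD-1?q=a..b HTTP/1.1" 200 2048
10.0.0.9 - - [20/Sep/2019:10:03:33 +0000] "GET /static/app..v1.js HTTP/1.1" 200 9001
"""


def path_matches_rule(request_target: str) -> bool:
    """True if the workaround rule would redirect this request target.

    The check is on the literal characters of the target, exactly as the
    rule's regex is written; '[^?]*' stops at the query string, so ".."
    inside query parameters does not match.
    """
    return TRAVERSAL_RULE.match(request_target) is not None


def find_traversal_requests(log_text: str) -> list:
    """Return (client_ip, request_target) for every log line the rule would catch."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines not in the expected format
        if path_matches_rule(m["target"]):
            hits.append((m["ip"], m["target"]))
    return hits


if __name__ == "__main__":
    for ip, target in find_traversal_requests(SAMPLE_LOG):
        print(f"would redirect: {ip} {target}")
```

Note that /static/app..v1.js is caught too: the rule redirects any path containing .., not only /../ segments, so legitimate file names with consecutive dots need checking before the rule goes live.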
# 0day.today [2019-12-04]