Jira Service Desk Server and Data Center product versions below 3.9.16, 3.10.0 up to 3.16.8, 4.0.0 up to 4.1.3, 4.2.0 up to 4.2.5, 4.3.0 up to 4.3.4, and 4.4.0 up to 4.4.1 are susceptible to a path traversal vulnerability.
This email refers to the advisory found at
https://confluence.atlassian.com/jira/jira-service-desk-security-advisory-2019-09-18-976171274.html
CVE ID:
* CVE-2019-14994.
Product: Jira Service Desk Server and Data Center.
Affected Jira Service Desk Server and Data Center product versions:
version < 3.9.16
3.10.0 <= version < 3.16.8
4.0.0 <= version < 4.1.3
4.2.0 <= version < 4.2.5
4.3.0 <= version < 4.3.4
4.4.0 <= version < 4.4.1
Fixed Jira Service Desk Server and Data Center product versions:
* for 3.9.x and earlier, Jira Service Desk Server and Data Center
3.9.16 has been released
with a fix for this issue.
* for 3.16.x, Jira Service Desk Server and Data Center 3.16.8 has been released
with a fix for this issue.
* for 4.1.x, Jira Service Desk Server and Data Center 4.1.3 has been released
with a fix for this issue.
* for 4.2.x, Jira Service Desk Server and Data Center 4.2.5 has been released
with a fix for this issue.
* for 4.3.x, Jira Service Desk Server and Data Center 4.3.4 has been released
with a fix for this issue.
* for 4.4.x, Jira Service Desk Server and Data Center 4.4.1 has been released
with a fix for this issue.
Summary:
This advisory discloses a critical severity security vulnerability. Versions of
Jira Service Desk Server and Data Center are affected by this vulnerability.
Customers who have upgraded Jira Service Desk Server and Data Center to version
3.9.16, 3.16.8, 4.1.3, 4.2.5, 4.3.4, or 4.4.1 are not affected.
Customers who have downloaded and installed affected versions of Jira Service
Desk Server and Data, please upgrade your Jira Service Desk Server
and Data Center installations immediately to fix this vulnerability.
URL path traversal allows information disclosure - CVE-2019-14994
Severity:
Atlassian rates the severity level of this vulnerability as critical, according
to the scale published in our Atlassian severity levels. The scale allows us to
rank the severity as critical, high, moderate or low.
This is our assessment and you should evaluate its applicability to your own IT
environment.
Description
A URL path traversal vulnerability in Jira Service Desk Server and Jira Service Desk Data Center allows a remote attacker with portal access to view all issues from all projects in the affected instance. This could include Jira Service Desk projects, Jira Core projects, and Jira Software projects. Note that when the Anyone can email the service desk or raise a request in the portal setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
Affected Versions
All versions prior to 3.9.16
Versions from 3.10.0 prior to 3.16.8
Versions from 4.0.0 prior to 4.1.3
Versions from 4.2.0 prior to 4.2.5
Versions from 4.3.0 prior to 4.3.4
Version 4.4.0
Workaround
Block requests to Jira containing .. at the reverse proxy or load balancer level
Alternatively, configure Jira to redirect requests containing .. to a safe URL
Add the following to the <urlrewrite> section of
[jira-installation-directory]/atlassian-jira/WEB-INF/urlrewrite.xml:
<rule>
<from>^/[^?]*\.\..*$</from>
<to type="temporary-redirect">/</to>
</rule>
Restart Jira
Refer to the Jira KB for more information on these workarounds.
# 0day.today [2019-12-04] #