
    8 vulnerabilities found for Jira Service Desk Data Center by Atlassian

    CVE-2021-39115 (GCVE-0-2021-39115)

    Vulnerability from nvd – Published: 2021-09-01 23:00 – Updated: 2024-10-11 19:19
    VLAI
    Summary
    Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server-Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Jira Service Desk Server Affected: unspecified , < 4.13.9 (custom)
    Affected: 4.14.0 , < unspecified (custom)
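    Affected: unspecified , < 4.18.0 (custom)
    Note: these three rows are the bounds "< 4.13.9", ">= 4.14.0" and "< 4.18.0" from the legacy v4 record, listed as separate entries. Read together, as in the summary, the affected ranges are all versions before 4.13.9, and 4.14.0 up to but not including 4.18.0. A row with an "unspecified" bound should not be matched on its own. The Data Center rows below follow the same pattern.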
    Atlassian Jira Service Desk Data Center Affected: unspecified , < 4.13.9 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.18.0 (custom)
    atlassian jira_service_management Affected: 4.14.0 , < 4.18.0 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.18.0 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.9 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.9 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*
    Date Public
    2021-08-30 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:58:17.709Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-8665"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.18.0",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.18.0",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-39115",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-11T19:11:09.878988Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-11T19:19:10.750Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Service Desk Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.18.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Desk Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.18.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with \"Jira Administrators\" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-96",
                  "description": "CWE-96: Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-01T23:00:09.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-8665"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2021-08-30T00:00:00",
              "ID": "CVE-2021-39115",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Service Desk Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Desk Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.18.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with \"Jira Administrators\" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-96: Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-8665",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-8665"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-39115",
        "datePublished": "2021-09-01T23:00:09.591Z",
        "dateReserved": "2021-08-16T00:00:00.000Z",
        "dateUpdated": "2024-10-11T19:19:10.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15004 (GCVE-0-2019-15004)

    Vulnerability from nvd – Published: 2019-11-07 03:35 – Updated: 2024-09-16 23:15
    VLAI
    Summary
    The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Path Traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Jira Service Desk Server Affected: unspecified , < 3.9.17 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.10 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.6 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.5 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.3 (custom)
    Affected: 4.5.0 , < unspecified (custom)
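    Affected: unspecified , < 4.5.1 (custom)
    Note: the rows above are unpaired bounds carried over from the legacy v4 record. Each "X , < unspecified" row is the lower bound of the "unspecified , < Y" row that follows it, so the affected ranges are those given in the summary: before 3.9.17, 3.10.0 before 3.16.10, 4.0.0 before 4.2.6, 4.3.0 before 4.3.5, 4.4.0 before 4.4.3, and 4.5.0 before 4.5.1. A row with an "unspecified" bound should not be matched on its own. The Data Center rows below follow the same pattern.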
    Atlassian Jira Service Desk Data Center Affected: unspecified , < 3.9.17 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.10 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.6 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.5 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.3 (custom)
    Affected: 4.5.0 , < unspecified (custom)
    Affected: unspecified , < 4.5.1 (custom)
    Date Public
    2019-11-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:52.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-6589"
              },
              {
                "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Nov/9"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Service Desk Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Desk Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-11-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-08T17:06:31.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-6589"
            },
            {
              "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Nov/9"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2019-11-07T00:00:00",
              "ID": "CVE-2019-15004",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Service Desk Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.5.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Desk Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-6589",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-6589"
                },
                {
                  "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Nov/9"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-15004",
        "datePublished": "2019-11-07T03:35:38.947Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:15:47.761Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15003 (GCVE-0-2019-15003)

    Vulnerability from nvd – Published: 2019-11-07 03:35 – Updated: 2024-09-16 22:25
    VLAI
    Summary
    The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Authorization Bypass
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Jira Service Desk Server Affected: unspecified , < 3.9.17 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.10 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.6 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.5 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.3 (custom)
    Affected: 4.5.0 , < unspecified (custom)
    Affected: unspecified , < 4.5.1 (custom)
    Atlassian Jira Service Desk Data Center Affected: unspecified , < 3.9.17 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.10 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.6 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.5 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.3 (custom)
    Affected: 4.5.0 , < unspecified (custom)
    Affected: unspecified , < 4.5.1 (custom)
    Date Public
    2019-11-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.128Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-6590"
              },
              {
                "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Nov/9"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Service Desk Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Desk Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-11-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authorization Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-08T17:06:31.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-6590"
            },
            {
              "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Nov/9"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2019-11-07T00:00:00",
              "ID": "CVE-2019-15003",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Service Desk Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.5.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Desk Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authorization Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-6590",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-6590"
                },
                {
                  "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Nov/9"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-15003",
        "datePublished": "2019-11-07T03:35:38.545Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:25:56.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-14994 (GCVE-0-2019-14994)

    Vulnerability from nvd – Published: 2019-09-19 14:20 – Updated: 2024-09-16 18:08
    Summary
    The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Jira Service Desk Server Affected: unspecified , < 3.9.16 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.8 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.1.3 (custom)
    Affected: 4.2.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.5 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.4 (custom)
    Affected: 4.4.0
    Atlassian Jira Service Desk Data Center Affected: unspecified , < 3.9.16 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.8 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.1.3 (custom)
    Affected: 4.2.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.5 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.4 (custom)
    Affected: 4.4.0
    Date Public
    2018-09-18 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:52.769Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-6517"
              },
              {
                "name": "20190923 Jira Service Desk Server and Jira Service Desk Data Center - URL path traversal allows information disclosure - CVE-2019-14994",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Sep/39"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154574/Jira-Service-Desk-Server-And-Data-Center-Path-Traversal.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://samcurry.net/analysis-of-cve-2019-14994/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Service Desk Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.4.0"
                }
              ]
            },
            {
              "product": "Jira Service Desk Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.4.0"
                }
              ]
            }
          ],
          "datePublic": "2018-09-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-26T19:42:15.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-6517"
            },
            {
              "name": "20190923 Jira Service Desk Server and Jira Service Desk Data Center - URL path traversal allows information disclosure - CVE-2019-14994",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Sep/39"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154574/Jira-Service-Desk-Server-And-Data-Center-Path-Traversal.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://samcurry.net/analysis-of-cve-2019-14994/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2018-09-18T00:00:00",
              "ID": "CVE-2019-14994",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Service Desk Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.1.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.4.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Desk Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.1.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.4.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-6517",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-6517"
                },
                {
                  "name": "20190923 Jira Service Desk Server and Jira Service Desk Data Center - URL path traversal allows information disclosure - CVE-2019-14994",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Sep/39"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154574/Jira-Service-Desk-Server-And-Data-Center-Path-Traversal.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154574/Jira-Service-Desk-Server-And-Data-Center-Path-Traversal.html"
                },
                {
                  "name": "https://samcurry.net/analysis-of-cve-2019-14994/",
                  "refsource": "MISC",
                  "url": "https://samcurry.net/analysis-of-cve-2019-14994/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-14994",
        "datePublished": "2019-09-19T14:20:53.238Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:08:34.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-39115 (GCVE-0-2021-39115)

    Vulnerability from cvelistv5 – Published: 2021-09-01 23:00 – Updated: 2024-10-11 19:19
    Summary
    Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Jira Service Desk Server Affected: unspecified , < 4.13.9 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.18.0 (custom)
    Atlassian Jira Service Desk Data Center Affected: unspecified , < 4.13.9 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.18.0 (custom)
    atlassian jira_service_management Affected: 4.14.0 , < 4.18.0 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.18.0 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.9 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.9 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*
    Date Public
    2021-08-30 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:58:17.709Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-8665"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.18.0",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.18.0",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-39115",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-11T19:11:09.878988Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-11T19:19:10.750Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Service Desk Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.18.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Desk Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.18.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with \"Jira Administrators\" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-96",
                  "description": "CWE-96: Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-09-01T23:00:09.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-8665"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2021-08-30T00:00:00",
              "ID": "CVE-2021-39115",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Service Desk Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Desk Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.18.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with \"Jira Administrators\" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-96: Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-8665",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-8665"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2021-39115",
        "datePublished": "2021-09-01T23:00:09.591Z",
        "dateReserved": "2021-08-16T00:00:00.000Z",
        "dateUpdated": "2024-10-11T19:19:10.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15004 (GCVE-0-2019-15004)

    Vulnerability from cvelistv5 – Published: 2019-11-07 03:35 – Updated: 2024-09-16 23:15
    Summary
    The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Path Traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Jira Service Desk Server Affected: unspecified , < 3.9.17 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.10 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.6 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.5 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.3 (custom)
    Affected: 4.5.0 , < unspecified (custom)
    Affected: unspecified , < 4.5.1 (custom)
    Atlassian Jira Service Desk Data Center Affected: unspecified , < 3.9.17 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.10 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.6 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.5 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.3 (custom)
    Affected: 4.5.0 , < unspecified (custom)
    Affected: unspecified , < 4.5.1 (custom)
    Date Public
    2019-11-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:52.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-6589"
              },
              {
                "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Nov/9"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Service Desk Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Desk Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-11-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-08T17:06:31.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-6589"
            },
            {
              "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Nov/9"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2019-11-07T00:00:00",
              "ID": "CVE-2019-15004",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Service Desk Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.5.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Desk Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-6589",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-6589"
                },
                {
                  "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Nov/9"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-15004",
        "datePublished": "2019-11-07T03:35:38.947Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:15:47.761Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15003 (GCVE-0-2019-15003)

    Vulnerability from cvelistv5 – Published: 2019-11-07 03:35 – Updated: 2024-09-16 22:25
    VLAI
    Summary
    The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Authorization Bypass
    Assigner
    References
    Impacted products
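    Vendor Product Version
    Note: the rows below are range endpoints and are read in pairs. An "Affected: X , < unspecified" row is closed by the "unspecified , < Y" row that follows it (X up to, but not including, Y), matching the ranges in the Summary. The first row for each product stands alone and means every version before 3.9.17.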
    Atlassian Jira Service Desk Server Affected: unspecified , < 3.9.17 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.10 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.6 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.5 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.3 (custom)
    Affected: 4.5.0 , < unspecified (custom)
    Affected: unspecified , < 4.5.1 (custom)
    Atlassian Jira Service Desk Data Center Affected: unspecified , < 3.9.17 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.10 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.6 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.5 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.3 (custom)
    Affected: 4.5.0 , < unspecified (custom)
    Affected: unspecified , < 4.5.1 (custom)
    Date Public
    2019-11-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.128Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-6590"
              },
              {
                "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Nov/9"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Service Desk Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Desk Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-11-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authorization Bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-08T17:06:31.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-6590"
            },
            {
              "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Nov/9"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2019-11-07T00:00:00",
              "ID": "CVE-2019-15003",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Service Desk Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.5.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Desk Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.5.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authorization Bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-6590",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-6590"
                },
                {
                  "name": "20191108 Jira Service Desk Server and Jira Service Desk Data Center Security Advisory - 2019-11-06 - CVE-2019-15003, CVE-2019-15004",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Nov/9"
                },
                {
                  "name": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center-Path-Traversal.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-15003",
        "datePublished": "2019-11-07T03:35:38.545Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:25:56.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-14994 (GCVE-0-2019-14994)

    Vulnerability from cvelistv5 – Published: 2019-09-19 14:20 – Updated: 2024-09-16 18:08
    VLAI
    Summary
    The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Path Traversal
    Assigner
    Impacted products
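    Vendor Product Version
    Note: the rows below are range endpoints and are read in pairs. An "Affected: X , < unspecified" row is closed by the "unspecified , < Y" row that follows it (X up to, but not including, Y), matching the ranges in the Summary. The first row for each product stands alone and means every version before 3.9.16, and the final "Affected: 4.4.0" row is that single version.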
    Atlassian Jira Service Desk Server Affected: unspecified , < 3.9.16 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.8 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.1.3 (custom)
    Affected: 4.2.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.5 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.4 (custom)
    Affected: 4.4.0
    Atlassian Jira Service Desk Data Center Affected: unspecified , < 3.9.16 (custom)
    Affected: 3.10.0 , < unspecified (custom)
    Affected: unspecified , < 3.16.8 (custom)
    Affected: 4.0.0 , < unspecified (custom)
    Affected: unspecified , < 4.1.3 (custom)
    Affected: 4.2.0 , < unspecified (custom)
    Affected: unspecified , < 4.2.5 (custom)
    Affected: 4.3.0 , < unspecified (custom)
    Affected: unspecified , < 4.3.4 (custom)
    Affected: 4.4.0
    Date Public
    2018-09-18 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:52.769Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-6517"
              },
              {
                "name": "20190923 Jira Service Desk Server and Jira Service Desk Data Center - URL path traversal allows information disclosure - CVE-2019-14994",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Sep/39"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154574/Jira-Service-Desk-Server-And-Data-Center-Path-Traversal.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://samcurry.net/analysis-of-cve-2019-14994/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Jira Service Desk Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.4.0"
                }
              ]
            },
            {
              "product": "Jira Service Desk Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.9.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.10.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.16.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "4.4.0"
                }
              ]
            }
          ],
          "datePublic": "2018-09-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-26T19:42:15.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-6517"
            },
            {
              "name": "20190923 Jira Service Desk Server and Jira Service Desk Data Center - URL path traversal allows information disclosure - CVE-2019-14994",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Sep/39"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154574/Jira-Service-Desk-Server-And-Data-Center-Path-Traversal.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://samcurry.net/analysis-of-cve-2019-14994/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2018-09-18T00:00:00",
              "ID": "CVE-2019-14994",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Jira Service Desk Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.1.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.4.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Desk Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.9.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.10.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.16.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.1.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.2.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "4.4.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the \u0027Anyone can email the service desk or raise a request in the portal\u0027 setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-6517",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-6517"
                },
                {
                  "name": "20190923 Jira Service Desk Server and Jira Service Desk Data Center - URL path traversal allows information disclosure - CVE-2019-14994",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Sep/39"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154574/Jira-Service-Desk-Server-And-Data-Center-Path-Traversal.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154574/Jira-Service-Desk-Server-And-Data-Center-Path-Traversal.html"
                },
                {
                  "name": "https://samcurry.net/analysis-of-cve-2019-14994/",
                  "refsource": "MISC",
                  "url": "https://samcurry.net/analysis-of-cve-2019-14994/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-14994",
        "datePublished": "2019-09-19T14:20:53.238Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:08:34.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }