RSS   Vulnerabilities for 'Troubleshooting and support'   RSS

2019-11-08
 
CVE-2019-15005

CWE-862
 

 
The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2.

 

 >>> Vendor: Atlassian 44 Products
Confluence
JIRA
Fisheye
Bamboo
Crowd
Crucible
Hipchat
Jira core
Jira service desk
Jira integration for hipchat
Bitbucket
Hipchat server
Sourcetree
Oauth
Bitbucket auto unapprove plugin
Bitbucket server
Floodlight
Floodlight controller
Cloudtoken
Crowd2
Application links
Universal plugin manager
Jira service desk server
Troubleshooting and support
Saml single sign on
Subversion application lifecycle management
Jira software data center
Companion
Navigator links
Data center
Editor-core
Alfresco enterprise content management
Connect express
Connect spring boot
Jira server and data center
Jira service management
Confluence data center
Confluence server
Bitbucket data center
Jira data center
Jira server
Assets discovery data server
Assets discovery data center
Assets discovery cloud


Copyright 2024, cxsecurity.com

 

Back to Top