RSS   Podatności dla 'Jira service desk server'   RSS

2019-09-19
 
CVE-2019-14994

CWE-22
 

 
The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.

 

 >>> Vendor: Atlassian 26 Produkty
Confluence
JIRA
Fisheye
Bamboo
Crowd
Crucible
Hipchat
Jira core
Jira service desk
Jira integration for hipchat
Bitbucket
Hipchat server
Sourcetree
Oauth
Bitbucket auto unapprove plugin
Bitbucket server
Floodlight controller
Cloudtoken
Crowd2
Application links
Universal plugin manager
Jira service desk server
Troubleshooting and support
Saml single sign on
Subversion application lifecycle management
Jira software data center


Copyright 2020, cxsecurity.com

 

Back to Top