Jira Service Desk Server / Data Center Path Traversal

2019.11.10
Credit: Atlassian
Risk: Medium
Local: Yes
Remote: No
CWE: CWE-22

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 This email refers to the advisory found at https://confluence.atlassian.com/jira/jira-service-desk-security-advisory-2019-11-06-979412717.html . CVE ID: * CVE-2019-15003 * CVE-2019-15004 Product: Jira Service Desk Server and Data Center. Affected Jira Service Desk Server and Data Center product versions: version < 3.9.17 3.10.0 <= version < 3.16.11 4.0.0 <= version < 4.2.6 4.3.0 <= version < 4.3.5 4.4.0 <= version < 4.4.3 4.5.0 <= version < 4.5.1 Fixed Jira Service Desk Server and Data Center product versions: * for 3.9.x, Jira Service Desk Server and Data Center 3.9.17 has been released with a fix for this issue. * for 3.16.x, Jira Service Desk Server and Data Center 3.16.11 has been released with a fix for this issue. * for 4.2.x, Jira Service Desk Server and Data Center 4.2.6 has been released with a fix for this issue. * for 4.3.x, Jira Service Desk Server and Data Center 4.3.5 has been released with a fix for this issue. * for 4.4.x, Jira Service Desk Server and Data Center 4.4.3 has been released with a fix for this issue. * for 4.5.x, Jira Service Desk Server and Data Center 4.5.1 has been released with a fix for this issue. Summary: This advisory discloses a critical severity security vulnerability. Versions of Jira Service Desk Server and Data Center are affected by this vulnerability. Customers who have upgraded Jira Service Desk Server and Data Center to version 3.9.17 or 3.16.11 or 4.2.6 or 4.3.5 or 4.4.3 or 4.5.1 are not affected. Customers who have downloaded and installed Jira Service Desk Server and Data Center less than 3.9.17 (the fixed version for 3.9.x) or who have downloaded and installed Jira Service Desk Server and Data Center >= 3.10.0 but less than 3.16.11 (the fixed version for 3.16.x) or who have downloaded and installed Jira Service Desk Server and Data Center >= 4.0.0 but less than 4.2.6 (the fixed version for 4.2.x) or who have downloaded and installed Jira Service Desk Server and Data Center >= 4.3.0 but less than 4.3.5 (the fixed version for 4.3.x) or who have downloaded and installed Jira Service Desk Server and Data Center >= 4.4.0 but less than 4.4.3 (the fixed version for 4.4.x) or who have downloaded and installed Jira Service Desk Server and Data Center >= 4.5.0 but less than 4.5.1 (the fixed version for 4.5.x) please upgrade your Jira Service Desk Server and Data Center installations immediately to fix this vulnerability. URL path traversal allows information disclosure - CVE-2019-15003 Severity: Atlassian rates the severity level of this vulnerability as critical, according to the scale published in our Atlassian severity levels. The scale allows us to rank the severity as critical, high, moderate or low. This is our assessment and you should evaluate its applicability to your own IT environment. Description: By design, Jira Service Desk gives customer portal users permissions only to raise requests and view issues. This allows users to interact with the customer portal without having direct access to Jira. These restrictions can be bypassed by a remote attacker with portal access who exploits a path traversal vulnerability. Note that attackers can grant themselves access to Jira Service Desk portals that have the Anyone can email the service desk or raise a request in the portal setting enabled. Exploitation allows an attacker to view all issues within all Jira projects contained in the vulnerable instance. This could include Jira Service Desk projects, Jira Core projects, and Jira Software projects. Versions of Jira Service Desk Server and Data Center all versions before 3.9.17 (the fixed version for 3.9.x), from version 3.10.0 before 3.16.10 (the fixed version for 3.16.x), from version 4.0.0 before 4.2.6 (the fixed version for 4.2.x), from version 4.3.0 before 4.3.5 (the fixed version for 4.3.x), from version 4.4.0 before 4.4.3 (the fixed version for 4.4.x), and from version 4.5.0 before 4.5.1 (the fixed version for 4.5.x) are affected by this vulnerability. This issue can be tracked at: https://jira.atlassian.com/browse/JSDSERVER-6589 . Fix: To address this issue, we've released the following versions containing a fix: * Jira Service Desk Server and Data Center version 3.9.17 * Jira Service Desk Server and Data Center version 3.16.11 * Jira Service Desk Server and Data Center version 4.2.6 * Jira Service Desk Server and Data Center version 4.3.5 * Jira Service Desk Server and Data Center version 4.4.3 * Jira Service Desk Server and Data Center version 4.5.1 Remediation: Upgrade Jira Service Desk Server and Data Center to version 4.5.1 or higher. The vulnerabilities and fix versions are described above. If affected, you should upgrade to the latest version immediately. If you are running Jira Service Desk Server and Data Center 3.9.x and cannot upgrade to 4.5.1, upgrade to version 3.9.17. If you are running Jira Service Desk Server and Data Center 3.16.x and cannot upgrade to 4.5.1, upgrade to version 3.16.11. If you are running Jira Service Desk Server and Data Center 4.2.x and cannot upgrade to 4.5.1, upgrade to version 4.2.6. If you are running Jira Service Desk Server and Data Center 4.3.x and cannot upgrade to 4.5.1, upgrade to version 4.3.5. If you are running Jira Service Desk Server and Data Center 4.4.x and cannot upgrade to 4.5.1, upgrade to version 4.4.3. For a full description of the latest version of Jira Service Desk Server and Data Center, see the release notes found at https://confluence.atlassian.com/servicedesk/jira-service-desk-release-notes-780083086.html. You can download the latest version of Jira Service Desk Server and Data Center from the download centre found at https://www.atlassian.com/software/jira/service-desk/download. Support: If you have questions or concerns regarding this advisory, please raise a support request at https://support.atlassian.com/. -----BEGIN PGP SIGNATURE----- iQJLBAEBCgA1FiEEXh3qw5vbMx/VSutRJCCXorxSdqAFAl3E4DkXHHNlY3VyaXR5 QGF0bGFzc2lhbi5jb20ACgkQJCCXorxSdqCHlhAAms1Ea3KA/TJEtsdOtlH3kw4h 1wN3Pk18v986BwDsE06pO3HsY8ra608o1Pzx++AVdLnPQU+fIBUfg2SKBIn/ACGS 7s8qKCzcveZsCnZqHJaaSNYubGxiT20QnxfBDh8tTCJzp0m5s9zdArNb4kITUsWT pLH0gQ/cPx4Ureb8nO2JpcpU9joJdAODU7NCF+jRCmDreYJBWwROGtCnP4VPmquC v0CsvfMAFENscvAszxAybXNG5CoiBjb0+qwJq8K6yWeu6c5kwGoh7k90Hk5JdDJm z1MTJb6T9FTHvlmfGUfCOVFpvFtuNzFaPBhxfKaHHYlksOnXzTHztlJsi+nuojyE FAONVh3Fcq+cL2DB/jAOxnBgcWvOIWYkgNkRFyZIZ+y09LuFTowzlShy9+RC9+0z kH+w7HKgA0gSeJvvrgTW5BUaOklvT7wVKMmG+aEz0w32kJhPwPIgcPtIQ2uAYj9C uJKP5FwKULoWUXMDWclrY3xMxSRL/g7bv0ZAVlGzLdtFBkr0zZexdm/FJoAr7nQU 7Et0TjVKHzr00Y0kCVO/fmN3BWK12iNrOZZ1Vo4j/u8xL7BxqqimrlN1jfv+46lt t8LF2JwCaVV9qirrVJDj6T650aLyXdKgTYrrvJtXjCnmnhixd/t1yDcnd585iKva xgbVIqGBDtaP+lRrsTs= =TvXO -----END PGP SIGNATURE-----


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top