• Type: Bug
• Resolution: Fixed
• Priority: Low
• Fix Version/s: 6.10.2
• Affects Version/s: 6.2.0, (35)
  6.3.0, 6.2.1, 6.2.2, 6.2.3, 6.3.1, 6.2.5, 6.4.0, 6.2.8, 6.3.2, 6.2.9, 6.5.0, 6.4.1, 6.3.3, 6.4.2, 6.5.1, 6.6.0, 6.3.4, 6.7.0, 6.6.1, 6.6.2, 6.6.3, 6.8.0, 6.6.4, 6.7.2, 6.7.1, 6.7.3, 6.8.1, 6.9.0, 6.8.2, 6.10.0, 6.9.1, 6.8.3, 6.9.2, 6.9.3, 6.10.1
• Component/s: System Administration - Troubleshooting and Support Tools (ATST)
• Labels:

  • CVE-2019-15005
  • advisory
  • advisory-released
  • cvss-medium
  • improper-authorization
  • security

[BAM-20647] Improper Authorization in Bambooo through ATST Plugin - CVE-2019-15005

Collapse comment: David Black added a comment - 03/Nov/2019 11:32 PM

David Black added a comment - 03/Nov/2019 11:32 PM

This is an independent assessment and you should evaluate its applicability to your own IT environment.
CVSS v3 score: 4.3 => Medium severity

Exploitability Metrics

Attack Vector	Network
Attack Complexity	Low
Privileges Required	Low
User Interaction	None

Scope Metric

Scope	Unchanged

Impact Metrics

Confidentiality	Low
Integrity	None
Availability	None

https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Expand comment: David Black added a comment - 03/Nov/2019 11:32 PM

David Black added a comment - 03/Nov/2019 11:32 PM This is an independent assessment and you should evaluate its applicability to your own IT environment. CVSS v3 score: 4.3 => Medium severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required Low User Interaction None Scope Metric Scope Unchanged Impact Metrics Confidentiality Low Integrity None Availability None https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N