Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 6.10.2
Affects Version/s: 6.2.0, 6.3.0, 6.2.1, 6.2.2, 6.2.3, 6.3.1, 6.2.5, 6.4.0, 6.2.8, 6.3.2, 6.2.9, 6.5.0, 6.4.1, 6.3.3, 6.4.2, 6.5.1, 6.6.0, 6.3.4, 6.7.0, 6.6.1, 6.6.2, 6.6.3, 6.8.0, 6.6.4, 6.7.2, 6.7.1, 6.7.3, 6.8.1, 6.9.0, 6.8.2, 6.10.0, 6.9.1, 6.8.3, 6.9.2, 6.9.3, 6.10.1
Component/s: System Administration - Troubleshooting and Support Tools (ATST)
Labels:

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2 which was used in Bamboo before version 6.10.2, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into.

relates to

BSERV-11960 Improper Authorization in Bitbucket Server through ATST Plugin - CVE-2019-15005

Closed

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 26/Sep/2019 4:19 PM

Updated:: 10/Dec/2019 3:24 AM

Resolved:: 26/Sep/2019 4:23 PM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates