-
Bug
-
Resolution: Fixed
-
Low
-
6.2.0, (35)
6.3.0, 6.2.1, 6.2.2, 6.2.3, 6.3.1, 6.2.5, 6.4.0, 6.2.8, 6.3.2, 6.2.9, 6.5.0, 6.4.1, 6.3.3, 6.4.2, 6.5.1, 6.6.0, 6.3.4, 6.7.0, 6.6.1, 6.6.2, 6.6.3, 6.8.0, 6.6.4, 6.7.2, 6.7.1, 6.7.3, 6.8.1, 6.9.0, 6.8.2, 6.10.0, 6.9.1, 6.8.3, 6.9.2, 6.9.3, 6.10.1
-
Severity 2 - Major
-
The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2 which was used in Bamboo before version 6.10.2, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into.
- relates to
-
-
- Closed
-
[BAM-20647] Improper Authorization in Bambooo through ATST Plugin - CVE-2019-15005
| Labels | Original: CVE-2019-15005 advisory advisory-released cvss-medium security | New: CVE-2019-15005 advisory advisory-released cvss-medium improper-authorization security |
| Labels | Original: CVE-2019-15005 advisory advisory-released advisory-to-release cvss-medium security | New: CVE-2019-15005 advisory advisory-released cvss-medium security |
| Labels | Original: CVE-2019-15005 advisory advisory-to-release cvss-medium security | New: CVE-2019-15005 advisory advisory-released advisory-to-release cvss-medium security |
| Security | Original: Atlassian Staff [ 10750 ] |
| Description | Original: The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2 in Bamboo before version 6.10.2, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. | New: The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2 which was used in Bamboo before version 6.10.2, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. |
| Description | Original: The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2 in Bamboo from 6.2.0 and before 6.10.2, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. | New: The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2 in Bamboo before version 6.10.2, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. |
| Link |
New:
This issue relates to |
| Labels | Original: advisory advisory-to-release cve-2019-15003 cvss-medium security | New: CVE-2019-15005 advisory advisory-to-release cvss-medium security |
| Summary | Original: Improper Authorization in Bambooo through ATST Plugin - CVE-2019-15003 | New: Improper Authorization in Bambooo through ATST Plugin - CVE-2019-15005 |
| Link |
Original:
This issue is cloned from |
| Description | Original: ATST plugin (version prior to 1.17.2) in Atlassian Bamboo from version 6.2.0 before version 6.10.2 allows unprivileged user to create a periodic scan and access the results via email. | New: The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2 in Bamboo from 6.2.0 and before 6.10.2, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. |