[BAM-20647] Improper Authorization in Bambooo through ATST Plugin - CVE-2019-15005 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 6.10.2
Affects Version/s: 6.2.0, (35)
6.3.0, 6.2.1, 6.2.2, 6.2.3, 6.3.1, 6.2.5, 6.4.0, 6.2.8, 6.3.2, 6.2.9, 6.5.0, 6.4.1, 6.3.3, 6.4.2, 6.5.1, 6.6.0, 6.3.4, 6.7.0, 6.6.1, 6.6.2, 6.6.3, 6.8.0, 6.6.4, 6.7.2, 6.7.1, 6.7.3, 6.8.1, 6.9.0, 6.8.2, 6.10.0, 6.9.1, 6.8.3, 6.9.2, 6.9.3, 6.10.1
Component/s: System Administration - Troubleshooting and Support Tools (ATST)
Labels:

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2 which was used in Bamboo before version 6.10.2, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into.

relates to

BSERV-11960 Improper Authorization in Bitbucket Server through ATST Plugin - CVE-2019-15005

Closed

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 1 Start watching this issue

Created:: 26/Sep/2019 4:19 PM

Updated:: 10/Dec/2019 3:24 AM

Resolved:: 26/Sep/2019 4:23 PM

Bamboo Data Center

Details

Description

Attachments

Issue Links

Forms

Activity

[BAM-20647] Improper Authorization in Bambooo through ATST Plugin - CVE-2019-15005

People

Dates