Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Duplicate
Priority: Low
Fix Version/s: 7.0.1, ATST-1.17.2
Affects Version/s: 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 6.6.13, 6.6.14, 6.6.15, 6.6.16, 6.6.17
Component/s: System Administration - Troubleshooting and Support Tools (ATST)
Labels:

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2 which was bundled in Confluence Server & Confluence Data Center before version 7.0.1, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into.

Attachments

Issue Links

relates to

BSERV-11960 Improper Authorization in Bitbucket Server through ATST Plugin - CVE-2019-15005

Closed

XPLN-1009 Loading...

Activity

People

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 25/Sep/2019 9:43 PM

Updated:: 17/Mar/2020 10:03 AM

Resolved:: 26/Sep/2019 1:11 AM