-
Bug
-
Resolution: Fixed
-
Low
-
3.2.0, (26)
3.2.1, 3.2.2, 3.2.3, 3.3.0, 3.2.4, 3.2.5, 3.3.1, 3.4.0, 3.3.2, 3.2.6, 3.2.7, 3.3.3, 3.2.8, 3.3.4, 3.3.6, 3.3.5, 3.4.1, 3.5.0, 3.4.3, 3.4.4, 3.4.5, 3.3.7, 3.4.6, 3.4.7, 3.5.1, 3.5.2
-
Severity 2 - Major
-
The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2 which was used in Crowd & Crowd Data Center before version 3.6.0, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into.
- relates to
-
BSERV-11960 Improper Authorization in Bitbucket Server through ATST Plugin - CVE-2019-15005
-
- Closed
-
[CWD-5466] Improper Authorization in Crowd through ATST Plugin - CVE-2019-15005
Labels | Original: CVE-2019-15005 advisory advisory-released cvss-medium security | New: CVE-2019-15005 advisory advisory-released cvss-medium improper-authorization security |
Labels | Original: CVE-2019-15005 advisory advisory-released advisory-to-release cvss-medium security | New: CVE-2019-15005 advisory advisory-released cvss-medium security |
Labels | Original: CVE-2019-15005 advisory advisory-to-release cvss-medium security | New: CVE-2019-15005 advisory advisory-released advisory-to-release cvss-medium security |
Security | Original: Atlassian Staff [ 10750 ] |
Description | Original: The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2 in Crowd & Crowd Data Center before version 3.6.0, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. | New: The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2 which was used in Crowd & Crowd Data Center before version 3.6.0, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. |
Description | Original: The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2 in Crowd / Crowd Data Center from 3.2.0 and before 3.6.0, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. | New: The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2 in Crowd & Crowd Data Center before version 3.6.0, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. |
Link |
New:
This issue relates to |
Labels | Original: advisory advisory-to-release cve-2019-15003 cvss-medium security | New: CVE-2019-15005 advisory advisory-to-release cvss-medium security |
Summary | Original: Improper Authorization in Crowd through ATST Plugin - CVE-2019-15003 | New: Improper Authorization in Crowd through ATST Plugin - CVE-2019-15005 |
Link |
Original:
This issue is cloned from |
This is an independent assessment and you should evaluate its applicability to your own IT environment.
CVSS v3 score: 4.3 => Medium severity
Exploitability Metrics
Scope Metric
Impact Metrics
https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N