• Type: Bug
• Resolution: Fixed
• Priority: Low (View bug fix roadmap)
• Fix Version/s: 8.6.0, 8.5.5
• Affects Version/s: 7.13.5, 8.2.4
• Component/s: Jira Importers Plugin
• Labels:

  • advisory
  • advisory-released
  • bugbounty
  • cve-2019-20403
  • cvss-medium
  • information-disclosure
  • security

[JRASERVER-70565] Information disclosure of project key existence vulnerability in Jira - CVE-2019-20403

Collapse comment: Priya Varghese added a comment - 18/Mar/2022 5:09 AM

Priya Varghese added a comment - 18/Mar/2022 5:09 AM

Hello,

Thank you so much for your comments on this issue. We value your feedback.
We’re doing further research on the usage of the Jira Import Tool (also known as Jira Importers Plug-in / CSV Import / Trello Import), and we’d like to invite you to take part in an upcoming customer research study.
 
What’s involved in the research: * We’ll schedule a 1-hour session at a time that’s convenient for you. The session will be conducted over video-conference, so you can participate from anywhere around the globe.

• During the research, we'll start with a general chat to get to know you, and then we’d like to hear about how you use the Jira Import Tool for your tasks, and any feedback you have about the tool.
• As a token of our appreciation, you'll receive an e-gift card worth $100 within 5 days of completing your session.

 
If you're interested in taking part, please contact me on pvarghese@atlassian.com to schedule a time that works for you.
If you have any other questions at all, feel free to reply to this message or email me directly on pvarghese@atlassian.com
We look forward to meeting you!
 
Cheers,
Priya Varghese
(Migrations Experience Design Team)

Expand comment: Priya Varghese added a comment - 18/Mar/2022 5:09 AM

Priya Varghese added a comment - 18/Mar/2022 5:09 AM Hello, Thank you so much for your comments on this issue. We value your feedback. We’re doing further research on the usage of the Jira Import Tool (also known as Jira Importers Plug-in / CSV Import / Trello Import), and we’d like to invite you to take part in an upcoming customer research study.   What’s involved in the research: * We’ll schedule a 1-hour session at a time that’s convenient for you. The session will be conducted over video-conference, so you can participate from anywhere around the globe. During the research, we'll start with a general chat to get to know you, and then we’d like to hear about how you use the Jira Import Tool for your tasks, and any feedback you have about the tool. As a token of our appreciation, you'll receive an e-gift card worth $100 within 5 days of completing your session.   If you're interested in taking part, please contact me on  pvarghese@atlassian.com  to schedule a time that works for you. If you have any other questions at all, feel free to reply to this message or email me directly on  pvarghese@atlassian.com We look forward to meeting you!   Cheers, Priya Varghese (Migrations Experience Design Team)

Mark Lang made changes - 13/Oct/2020 1:44 PM

Remote Link

New: This issue links to "Page (Confluence)" [ 509201 ]

Mark Lang made changes - 20/Aug/2020 3:30 AM

Remote Link

New: This issue links to "Page (Confluence)" [ 500449 ]

Collapse comment: Bl Ldd added a comment - 17/Jul/2020 5:22 PM

Bl Ldd added a comment - 17/Jul/2020 5:22 PM

Is there any advisory on how to reproduce this issue?

Expand comment: Bl Ldd added a comment - 17/Jul/2020 5:22 PM

Bl Ldd added a comment - 17/Jul/2020 5:22 PM Is there any advisory on how to reproduce this issue?

set-jac-bot made changes - 22/May/2020 8:22 AM

Fixed in Enterprise Release/s

New: [Download 8.5|https://confluence.atlassian.com/enterprise/atlassian-enterprise-releases-948227420.html]

Daniel Rauf made changes - 01/Apr/2020 8:48 AM

Fix Version/s

New: 8.5.5 [ 91506 ]

Collapse comment: Deleted Account (Inactive) added a comment - 04/Mar/2020 5:32 PM

Deleted Account (Inactive) added a comment - 04/Mar/2020 5:32 PM

I see now that the enterprise releases might only receive fixes for critical severity issues. 

Expand comment: Deleted Account (Inactive) added a comment - 04/Mar/2020 5:32 PM

Deleted Account (Inactive) added a comment - 04/Mar/2020 5:32 PM I see now that the enterprise releases might only receive fixes for critical severity issues. 

Collapse comment: Deleted Account (Inactive) added a comment - 21/Feb/2020 4:02 PM, Edited by Deleted Account - 21/Feb/2020 4:02 PM

Deleted Account (Inactive) added a comment - 21/Feb/2020 4:02 PM - edited

Why is this closed without a fix for enterprise version 7.13.x?

Expand comment: Deleted Account (Inactive) added a comment - 21/Feb/2020 4:02 PM, Edited by Deleted Account - 21/Feb/2020 4:02 PM

Deleted Account (Inactive) added a comment - 21/Feb/2020 4:02 PM - edited Why is this closed without a fix for enterprise version 7.13.x?

Collapse comment: Maxime Lemanissier added a comment - 11/Feb/2020 8:56 AM

Maxime Lemanissier added a comment - 11/Feb/2020 8:56 AM

is it planned to backport this fix in enterprise release 8.5?

Expand comment: Maxime Lemanissier added a comment - 11/Feb/2020 8:56 AM

Maxime Lemanissier added a comment - 11/Feb/2020 8:56 AM is it planned to backport this fix in enterprise release 8.5?

Collapse comment: Mateusz Marzęcki added a comment - 11/Feb/2020 8:43 AM

Mateusz Marzęcki added a comment - 11/Feb/2020 8:43 AM

Hi 3f81e0371c86,

thanks for reaching out to us, the fix is available in 8.6.0 and further releases. 

Greetings.

Expand comment: Mateusz Marzęcki added a comment - 11/Feb/2020 8:43 AM

Mateusz Marzęcki added a comment - 11/Feb/2020 8:43 AM Hi 3f81e0371c86 , thanks for reaching out to us, the fix is available in 8.6.0 and further releases.  Greetings.

Load more older events