-
Public Security Vulnerability
-
Resolution: Fixed
-
Low
-
4.22.5
-
2.6
-
Low
The mail handler in Jira Service Management (JSM) Server and Data Center 4.22.5 incorrectly maps new incoming emails to the wrong JSM project, instead of the project linked to the mailbox the mails were sent to. If JSM is configured to process emails and create tickets in a restricted-access project, it may incorrectly create tickets in a widely accessible project, resulting in information disclosure.
Affected version
- 4.22.5
Fixed versions
- 4.22.x >= 4.22.6
- details
-
JSDSERVER-11884 The JSM Mail Handler functionality creates tickets from incoming emails in wrong projects
-
- Closed
-
This is an independent assessment and you should evaluate its applicability to your own IT environment.
CVSS v3 score: 2.6 => Low severity
Exploitability Metrics
Scope Metric
Impact Metrics
https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N