Jira Service Desk Server and Data Center: JSDSERVER-6517

URL Path Traversal in Jira Service Desk Server and Jira Service Desk Data Center Allows Information Disclosure - CVE-2019-14994


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Low
    • Resolution: Fixed
    • Affects Version/s: 1.0, 1.0.3, 1.0.4, 1.1, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.2, 1.2.0.1, 1.2.0.2, 1.2.1, 1.2.4, 1.2.4.1, 1.2.5, 1.2.6, 1.2.6.1, 1.2.7, 2.0, 2.0.1, 2.0.2, 2.0.4, 2.0.3, 2.1, 2.1.1, 2.1.2, 2.2, 2.2.1, 2.3, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.4.1, 2.4.2, 2.4.3, 2.5.0, 2.5.2, 2.5.3, 2.5.4, 2.5.6, 3.0.0, 3.1.0, 2.5.8, 3.0.2, 2.5.9, 3.0.4, 3.0.5, 3.0.9, 3.0.10, 3.1.1, 3.1.2, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.11, 3.2.10, 3.2.12, 3.2.13, 3.2.14, 3.2.15, 3.3.0, 3.3.1, 3.3.2, 3.4.0, 3.4.1, 3.4.2, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.6.0, 3.6.1, 3.6.2, 3.6.4, 3.7.0, 3.7.1, 3.7.2, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.9.0, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 3.9.6, 3.9.7, 3.12.3, 3.9.8, 3.9.9, 3.9.10, 3.9.11, 3.10.0, 3.10.1, 3.10.2, 3.10.4, 3.11.0, 3.11.1, 3.11.2, 3.11.4, 3.12.0, 3.12.2, 3.13.0, 3.13.1, 3.13.2, 3.14.0, 3.14.1, 3.14.2, 3.15.0, 3.15.1, 3.15.2, 3.15.3, 3.16.0, 3.16.1, 4.0.0, 3.9.12, 3.11.3, 3.16.2, 4.0.2, 4.1.0, 4.0.3, 3.9.13, 3.16.3, 4.1.1, 4.2.0, 3.16.4, 4.1.2, 3.9.14, 4.3.0, 4.2.1, 4.4.0, 4.2.2, 3.16.5, 4.2.3, 4.3.1, 3.16.6, 4.1.3, 4.0.4, 3.9.15, 4.2.4, 4.3.2, 4.3.3
    • Fix Version/s: 4.1.3, 3.9.16, 3.16.8, 4.4.1, 4.2.5, 4.3.4
    • Component/s: Customer Portal

      Description

      A URL path traversal vulnerability in Jira Service Desk Server and Jira Service Desk Data Center allows a remote attacker with portal access to view all issues from all projects in the affected instance. This could include Jira Service Desk projects, Jira Core projects, and Jira Software projects. Note that when the "Anyone can email the service desk or raise a request in the portal" setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.

      Affected Versions

      • All versions prior to 3.9.16
      • Versions from 3.10.0 prior to 3.16.8
      • Versions from 4.0.0 prior to 4.1.3
      • Versions from 4.2.0 prior to 4.2.5
      • Versions from 4.3.0 prior to 4.3.4
      • Version 4.4.0

      Workaround

      • Block requests to Jira containing ".." at the reverse proxy or load balancer level
      • Alternatively, configure Jira to redirect requests containing ".." to a safe URL
        • Add the following to the <urlrewrite> section of
          [jira-installation-directory]/atlassian-jira/WEB-INF/urlrewrite.xml:
            <rule>
                <from>^/[^?]*\.\..*$</from>
                <to type="temporary-redirect">/</to>
            </rule>

      Refer to the Jira KB for more information on these workarounds.
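      As an added example (not part of the advisory or Atlassian's code), the following Python check applies the same pattern as the urlrewrite rule above to constructed reverse-proxy access-log lines, so an operator can see which logged requests the rule would redirect before enforcing it. The combined log format and the sample lines are assumptions for illustration.

```python
import re

# Same regular expression as the urlrewrite.xml workaround rule in this advisory:
# match any request URI whose path part (everything before a '?') contains "..".
TRAVERSAL_RULE = re.compile(r"^/[^?]*\.\..*$")


def rule_matches(request_uri: str) -> bool:
    """True if the workaround rule would redirect this request URI to '/'."""
    return TRAVERSAL_RULE.match(request_uri) is not None


# Combined log format as a reverse proxy in front of Jira might write it
# (assumed format; adjust the pattern to your proxy's actual log format).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)


def flag_traversal_requests(log_lines):
    """Return one dict per logged request that the workaround rule would redirect."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m is None:
            continue  # not a request line in the expected format; skip rather than guess
        if rule_matches(m.group("uri")):
            hits.append({"ip": m.group("ip"), "uri": m.group("uri"),
                         "status": int(m.group("status"))})
    return hits


# Constructed sample lines (not real traffic): a normal portal request, a path
# containing "..", a query string containing "..", and a request already
# redirected (302) by the workaround rule.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Sep/2019:10:00:01 +0000] "GET /servicedesk/customer/portal/1 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/Sep/2019:10:00:02 +0000] "GET /servicedesk/customer/portal/1/../../anything HTTP/1.1" 200 4096',
    '198.51.100.7 - - [10/Sep/2019:10:00:03 +0000] "GET /servicedesk/customer/portal/1?search=.. HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Sep/2019:10:00:04 +0000] "GET /servicedesk/customer/portal/../../x HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in flag_traversal_requests(SAMPLE_LOG):
        print(f"{hit['ip']} {hit['status']} {hit['uri']}")
```

      Note that the rule only matches ".." in the path portion: ".." appearing after "?" in a query string is not redirected, and any legitimate path that contains ".." would also be redirected, so review the hits before enforcing the rule.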

      Fix

      Note: Upgrading Jira Service Desk also requires upgrading Jira Core. Check the compatibility matrix to find the equivalent version for your Jira Service Desk version.

      For additional details, see the full advisory.

      People

      Assignee: Unassigned
      Reporter: Brian Adeloye (badeloye@atlassian.com)
      Votes: 1
      Watchers: 9