• Type: Bug
• Resolution: Fixed
• Priority: Low
• Fix Version/s: 4.1.3, 3.9.16, 4.4.1, 4.2.5, 4.3.4, 3.16.8
• Affects Version/s: 1.0, (157)
  1.0.3, 1.0.4, 1.1, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.2, 1.2.0.1, 1.2.0.2, 1.2.1, 1.2.4, 1.2.4.1, 1.2.5, 1.2.6, 1.2.6.1, 1.2.7, 2.0, 2.0.1, 2.0.2, 2.0.4, 2.0.3, 2.1, 2.1.1, 2.1.2, 2.2, 2.2.1, 2.3, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.4.1, 2.4.2, 2.4.3, 2.5.0, 2.5.2, 2.5.3, 2.5.4, 2.5.6, 3.0.0, 3.1.0, 2.5.8, 3.0.2, 2.5.9, 3.0.4, 3.0.5, 3.0.9, 3.0.10, 3.1.1, 3.1.2, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.11, 3.2.10, 3.2.12, 3.2.13, 3.2.14, 3.2.15, 3.3.0, 3.3.1, 3.3.2, 3.4.0, 3.4.1, 3.4.2, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.6.0, 3.6.1, 3.6.2, 3.6.4, 3.7.0, 3.7.1, 3.7.2, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.9.0, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 3.9.6, 3.9.7, 3.9.8, 3.9.9, 3.9.10, 3.9.11, 3.10.0, 3.10.1, 3.10.2, 3.10.4, 3.11.0, 3.11.1, 3.11.2, 3.11.4, 3.12.0, 3.12.2, 3.13.0, 3.13.1, 3.13.2, 3.14.0, 3.14.1, 3.14.2, 3.15.0, 3.15.1, 3.15.2, 3.15.3, 3.16.0, 3.16.1, 4.0.0, 3.9.12, 3.16.2, 4.0.2, 4.1.0, 4.0.3, 3.9.13, 3.16.3, 4.1.1, 4.2.0, 3.16.4, 4.1.2, 3.9.14, 4.3.0, 4.2.1, 4.4.0, 4.2.2, 3.16.5, 4.2.3, 4.3.1, 3.16.6, 4.1.3, 3.9.15, 4.2.4, 4.3.2, 4.3.3
• Component/s: Customer Portal
• Labels:

  • CVE-2019-14994
  • advisory
  • advisory-released
  • bugbounty
  • cvss-high
  • improper-authorization
  • security

[JSDSERVER-6517] URL Path Traversal in Jira Service Desk Server and Jira Service Desk Data Center Allows Information Disclosure - CVE-2019-14994

Alex [Atlassian,PSE] made changes - 22/Jun/2021 12:54 AM

Description

Original: A URL path traversal vulnerability in Jira Service Desk Server and Jira Service Desk Data Center allows a remote attacker with portal access to view all issues from all projects in the affected instance. This could include Jira Service Desk projects, Jira Core projects, and Jira Software projects. Note that when the [*Anyone can email the service desk or raise a request in the portal* setting|https://confluence.atlassian.com/servicedeskserver/managing-access-to-your-service-desk-939926273.html] is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. h3. Affected Versions  * All versions prior to 3.9.16  * Versions from 3.10.0 prior to 3.16.8  * Versions from 4.0.0 prior to 4.1.3  * Versions from 4.2.0 prior to 4.2.5  * Versions from 4.3.0 prior to 4.3.4  * Version 4.4.0 h3. Workaround  * Block requests to Jira containing {{..}} at the reverse proxy or load balancer level  * Alternatively, configure Jira to redirect requests containing {{..}} to a safe URL   ** Add the following to the {{<urlrewrite>}} section of  {{[jira-installation-directory]/atlassian-jira/WEB-INF/urlrewrite.xml}}: {noformat}   <rule>         <from>^/[^?]*\.\..*$</from>         <to type="temporary-redirect">/</to>   </rule>{noformat}  * [Restart Jira|https://confluence.atlassian.com/adminjiraserver/start-and-stop-jira-applications-938847802.html] Refer to the [Jira KB|https://confluence.atlassian.com/jirakb/migating-url-path-traversal-for-affected-cve-2019-14994-976762572.html] for more information on these workarounds. h3. Fix *Note:* Upgrading Jira Service Desk also requires upgrading Jira Core. Check the [compatibility matrix|https://confluence.atlassian.com/adminjira/jira-applications-compatibility-matrix-875304597.html] to find the equivalent version for your Jira Service Desk version.  * 4.4.1 which is available for download from [https://www.atlassian.com/software/jira/service-desk/update].  * 4.3.4 which is available for download from [https://www.atlassian.com/software/jira/service-desk/update].  * 4.2.5 which is available for download from [https://www.atlassian.com/software/jira/service-desk/update].  * 4.1.3 which is available for download from [https://www.atlassian.com/software/jira/service-desk/update].  * 3.16.8 which is available for download from [https://www.atlassian.com/software/jira/service-desk/update].  * 3.9.16 which is available for download from [https://www.atlassian.com/software/jira/service-desk/update]. For additional details, see the [full advisory|https://confluence.atlassian.com/jira/jira-service-desk-security-advisory-2019-09-11-976171274.html].

New: A URL path traversal vulnerability in Jira Service Desk Server and Jira Service Desk Data Center allows a remote attacker with portal access to view all issues from all projects in the affected instance. This could include Jira Service Desk projects, Jira Core projects, and Jira Software projects. Note that when the [*Anyone can email the service desk or raise a request in the portal* setting|https://confluence.atlassian.com/servicedeskserver/managing-access-to-your-service-desk-939926273.html] is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. h3. Affected Versions  * All versions prior to 3.9.16  * Versions from 3.10.0 prior to 3.16.8  * Versions from 4.0.0 prior to 4.1.3  * Versions from 4.2.0 prior to 4.2.5  * Versions from 4.3.0 prior to 4.3.4  * Version 4.4.0 h3. Workaround  * Block requests to Jira containing {{..}} at the reverse proxy or load balancer level  * Alternatively, configure Jira to redirect requests containing {{..}} to a safe URL via {{urlrewrite.xml}}  ** Please see [Jira KB|https://confluence.atlassian.com/jirakb/migating-url-path-traversal-for-affected-cve-2019-14994-976762572.html] for workaround details  * [Restart Jira|https://confluence.atlassian.com/adminjiraserver/start-and-stop-jira-applications-938847802.html] Refer to the [Jira KB|https://confluence.atlassian.com/jirakb/migating-url-path-traversal-for-affected-cve-2019-14994-976762572.html] for more information on these workarounds. h3. Fix *Note:* Upgrading Jira Service Desk also requires upgrading Jira Core. Check the [compatibility matrix|https://confluence.atlassian.com/adminjira/jira-applications-compatibility-matrix-875304597.html] to find the equivalent version for your Jira Service Desk version.  * 4.4.1 which is available for download from [https://www.atlassian.com/software/jira/service-desk/update].  * 4.3.4 which is available for download from [https://www.atlassian.com/software/jira/service-desk/update].  * 4.2.5 which is available for download from [https://www.atlassian.com/software/jira/service-desk/update].  * 4.1.3 which is available for download from [https://www.atlassian.com/software/jira/service-desk/update].  * 3.16.8 which is available for download from [https://www.atlassian.com/software/jira/service-desk/update].  * 3.9.16 which is available for download from [https://www.atlassian.com/software/jira/service-desk/update]. For additional details, see the [full advisory|https://confluence.atlassian.com/jira/jira-service-desk-security-advisory-2019-09-11-976171274.html].

Alex [Atlassian,PSE] made changes - 16/Apr/2021 3:58 AM

Remote Link

New: This issue links to "Page (Confluence)" [ 544490 ]

David Black made changes - 01/Jul/2020 12:52 AM

Labels

Original: CVE-2019-14994 advisory advisory-to-release bugbounty cvss-high improper-authorization security

New: CVE-2019-14994 advisory advisory-released bugbounty cvss-high improper-authorization security

set-jac-bot made changes - 22/May/2020 8:11 AM

Fixed in Enterprise Release/s

New: [Download 3.9, 3.16|https://confluence.atlassian.com/enterprise/atlassian-enterprise-releases-948227420.html]

Sven Laanela (Inactive) made changes - 03/Mar/2020 3:07 AM

Affects Version/s

Original: 3.12.3 [ 80701 ]

Sven Laanela (Inactive) made changes - 03/Mar/2020 3:06 AM

Affects Version/s

Original: 3.11.3 [ 85596 ]

Sven Laanela (Inactive) made changes - 03/Mar/2020 3:00 AM

Affects Version/s

Original: 4.0.4 [ 88099 ]

Said made changes - 17/Feb/2020 5:14 AM

Remote Link

New: This issue links to "Page (Confluence)" [ 471321 ]

Aidan Goldthorpe made changes - 05/Dec/2019 7:10 AM

Labels

Original: CVE-2019-14994 advisory advisory-to-release bugbounty cvss-high security

New: CVE-2019-14994 advisory advisory-to-release bugbounty cvss-high improper-authorization security

Дмитрий made changes - 11/Oct/2019 10:04 AM

Link

New: This issue is related to JSDSERVER-6591 [ JSDSERVER-6591 ]

Load more older history items