Uploaded image for project: 'Jira Service Management Server and Data Center'
  1. Jira Service Management Server and Data Center
  2. JSDSERVER-6517

URL Path Traversal in Jira Service Desk Server and Jira Service Desk Data Center Allows Information Disclosure - CVE-2019-14994

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Low
    • Resolution: Fixed
    • 1.0, 1.0.3, 1.0.4, 1.1, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.2, 1.2.0.1, 1.2.0.2, 1.2.1, 1.2.4, 1.2.4.1, 1.2.5, 1.2.6, 1.2.6.1, 1.2.7, 2.0, 2.0.1, 2.0.2, 2.0.4, 2.0.3, 2.1, 2.1.1, 2.1.2, 2.2, 2.2.1, 2.3, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.4.1, 2.4.2, 2.4.3, 2.5.0, 2.5.2, 2.5.3, 2.5.4, 2.5.6, 3.0.0, 3.1.0, 2.5.8, 3.0.2, 2.5.9, 3.0.4, 3.0.5, 3.0.9, 3.0.10, 3.1.1, 3.1.2, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.11, 3.2.10, 3.2.12, 3.2.13, 3.2.14, 3.2.15, 3.3.0, 3.3.1, 3.3.2, 3.4.0, 3.4.1, 3.4.2, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.6.0, 3.6.1, 3.6.2, 3.6.4, 3.7.0, 3.7.1, 3.7.2, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.9.0, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 3.9.6, 3.9.7, 3.9.8, 3.9.9, 3.9.10, 3.9.11, 3.10.0, 3.10.1, 3.10.2, 3.10.4, 3.11.0, 3.11.1, 3.11.2, 3.11.4, 3.12.0, 3.12.2, 3.13.0, 3.13.1, 3.13.2, 3.14.0, 3.14.1, 3.14.2, 3.15.0, 3.15.1, 3.15.2, 3.15.3, 3.16.0, 3.16.1, 4.0.0, 3.9.12, 3.16.2, 4.0.2, 4.1.0, 4.0.3, 3.9.13, 3.16.3, 4.1.1, 4.2.0, 3.16.4, 4.1.2, 3.9.14, 4.3.0, 4.2.1, 4.4.0, 4.2.2, 3.16.5, 4.2.3, 4.3.1, 3.16.6, 4.1.3, 3.9.15, 4.2.4, 4.3.2, 4.3.3
    • 4.1.3, 3.9.16, 4.4.1, 4.2.5, 4.3.4, 3.16.8
    • Customer Portal

    Description

      A URL path traversal vulnerability in Jira Service Desk Server and Jira Service Desk Data Center allows a remote attacker with portal access to view all issues from all projects in the affected instance. This could include Jira Service Desk projects, Jira Core projects, and Jira Software projects. Note that when the Anyone can email the service desk or raise a request in the portal setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.

      Affected Versions

      • All versions prior to 3.9.16
      • Versions from 3.10.0 prior to 3.16.8
      • Versions from 4.0.0 prior to 4.1.3
      • Versions from 4.2.0 prior to 4.2.5
      • Versions from 4.3.0 prior to 4.3.4
      • Version 4.4.0

      Workaround

      • Block requests to Jira containing .. at the reverse proxy or load balancer level
      • Alternatively, configure Jira to redirect requests containing .. to a safe URL via urlrewrite.xml
        • Please see Jira KB for workaround details
      • Restart Jira

      Refer to the Jira KB for more information on these workarounds.

      Fix

      Note: Upgrading Jira Service Desk also requires upgrading Jira Core. Check the compatibility matrix to find the equivalent version for your Jira Service Desk version.

      For additional details, see the full advisory.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              badeloye@atlassian.com Brian Adeloye (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Backbone Issue Sync