• Type: Bug
• Resolution: Fixed
• Priority: Medium (View bug fix roadmap)
• Fix Version/s: 8.1.0, 7.13.4
• Affects Version/s: 7.2.15, 8.0.0, 7.13.1, 7.6.11
• Component/s: Epics
• Labels:

  • CVE-2019-11583
  • advisory
  • advisory-released
  • application-dos
  • cvss-medium
  • denial-of-service
  • pse-request
  • security

[JSWSERVER-20111] Denial of service in issue searching through Epic Name ordering - CVE-2019-11583

Collapse comment: sbrown added a comment - 16/Jan/2020 5:53 PM

sbrown added a comment - 16/Jan/2020 5:53 PM

@SecurityB, looking for clarity on the vulnerable versions.

Is it just 7.13.4 or 7.13.4 or greater?

Expand comment: sbrown added a comment - 16/Jan/2020 5:53 PM

sbrown added a comment - 16/Jan/2020 5:53 PM @SecurityB, looking for clarity on the vulnerable versions. Is it just 7.13.4 or 7.13.4 or greater?

Collapse comment: Vas91 added a comment - 30/Dec/2019 6:56 AM, Edited by Vas91 - 01/Jan/2020 1:22 PM

Vas91 added a comment - 30/Dec/2019 6:56 AM - edited

@SecurityB

Please let me know about the status of versions 7.13.x  greater than  7.13.4

 

Thanks!

Expand comment: Vas91 added a comment - 30/Dec/2019 6:56 AM, Edited by Vas91 - 01/Jan/2020 1:22 PM

Vas91 added a comment - 30/Dec/2019 6:56 AM - edited @SecurityB Please let me know about the status of versions 7.13.x  greater than  7.13.4   Thanks!

Collapse comment: Prashant Karakanagoudar added a comment - 13/Nov/2019 2:19 PM

Prashant Karakanagoudar added a comment - 13/Nov/2019 2:19 PM

Is there any workaround for this bug? or do we need to upgrade immediately? We are in version 7.13.2

Expand comment: Prashant Karakanagoudar added a comment - 13/Nov/2019 2:19 PM

Prashant Karakanagoudar added a comment - 13/Nov/2019 2:19 PM Is there any workaround for this bug? or do we need to upgrade immediately? We are in version 7.13.2

Collapse comment: Manoj Chhetry added a comment - 04/Nov/2019 8:57 PM

Manoj Chhetry added a comment - 04/Nov/2019 8:57 PM

Is it fixed on version 7.13.4 and above or just the version 7.13.14? We are at 7.13.8 so do we need to upgrade to apply the fix?

Expand comment: Manoj Chhetry added a comment - 04/Nov/2019 8:57 PM

Manoj Chhetry added a comment - 04/Nov/2019 8:57 PM Is it fixed on version 7.13.4 and above or just the version 7.13.14? We are at 7.13.8 so do we need to upgrade to apply the fix?

Collapse comment: Security Metrics Bot added a comment - 23/Jun/2019 10:48 PM

Security Metrics Bot added a comment - 23/Jun/2019 10:48 PM

This is an independent assessment and you should evaluate its applicability to your own IT environment.
CVSS v3 score: 5.3 => Medium severity

Exploitability Metrics

Attack Vector	Network
Attack Complexity	High
Privileges Required	Low
User Interaction	None

Scope Metric

Scope	Unchanged

Impact Metrics

Confidentiality	None
Integrity	None
Availability	High

https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

depending upon the authentication and custom field setup requirements.

Expand comment: Security Metrics Bot added a comment - 23/Jun/2019 10:48 PM

Security Metrics Bot added a comment - 23/Jun/2019 10:48 PM This is an independent assessment and you should evaluate its applicability to your own IT environment. CVSS v3 score: 5.3 => Medium severity Exploitability Metrics Attack Vector Network Attack Complexity High Privileges Required Low User Interaction None Scope Metric Scope Unchanged Impact Metrics Confidentiality None Integrity None Availability High https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H depending upon the authentication and custom field setup requirements.