[JSWSERVER-20111] Denial of service in issue searching through Epic Name ordering - CVE-2019-11583 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Medium (View bug fix roadmap)
Fix Version/s: 8.1.0, 7.13.4
Affects Version/s: 7.2.15, 8.0.0, 7.13.1, 7.6.11
Component/s: Epics
Labels:

Fixed in Long Term Support Release/s:

Download 7.13
Introduced in Version:
7.02
Symptom Severity:
Severity 1 - Critical
Bug Fix Policy:
View Atlassian Server bug fix policy

The issue searching component in Jira before version 8.1.0 allows remote attackers to
deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name".

mentioned in: Page Failed to load

set-jac-bot made changes - 22/May/2020 8:10 AM

Fixed in Enterprise Release/s

New: [Download 7.13|https://confluence.atlassian.com/enterprise/atlassian-enterprise-releases-948227420.html]

sbrown added a comment - 16/Jan/2020 5:53 PM

@SecurityB, looking for clarity on the vulnerable versions.

Is it just 7.13.4 or 7.13.4 or greater?

sbrown added a comment - 16/Jan/2020 5:53 PM @SecurityB, looking for clarity on the vulnerable versions. Is it just 7.13.4 or 7.13.4 or greater?

Vas91 added a comment - 30/Dec/2019 6:56 AM - edited

@SecurityB

Please let me know about the status of versions 7.13.x greater than 7.13.4

Thanks!

Vas91 added a comment - 30/Dec/2019 6:56 AM - edited @SecurityB Please let me know about the status of versions 7.13.x greater than 7.13.4 Thanks!

Said made changes - 10/Dec/2019 4:23 AM

Labels

Original: CVE-2019-11583 advisory advisory-released cvss-medium denial-of-service pse-request security

New: CVE-2019-11583 advisory advisory-released application-dos cvss-medium denial-of-service pse-request security

Prashant Karakanagoudar added a comment - 13/Nov/2019 2:19 PM

Is there any workaround for this bug? or do we need to upgrade immediately? We are in version 7.13.2

Prashant Karakanagoudar added a comment - 13/Nov/2019 2:19 PM Is there any workaround for this bug? or do we need to upgrade immediately? We are in version 7.13.2

Manoj Chhetry added a comment - 04/Nov/2019 8:57 PM

Is it fixed on version 7.13.4 and above or just the version 7.13.14? We are at 7.13.8 so do we need to upgrade to apply the fix?

Manoj Chhetry added a comment - 04/Nov/2019 8:57 PM Is it fixed on version 7.13.4 and above or just the version 7.13.14? We are at 7.13.8 so do we need to upgrade to apply the fix?

Robbie (Inactive) made changes - 12/Aug/2019 3:12 PM

Fix Version/s

New: 7.13.4 [ 86493 ]

Clement made changes - 09/Aug/2019 12:55 AM

Remote Link

New: This issue links to "Page (Confluence)" [ 442441 ]

David Black made changes - 23/Jun/2019 10:59 PM

Description

Original: obfuscated description

New: obfuscated description

David Black made changes - 23/Jun/2019 10:54 PM

Description

Original: obfuscated description

New: obfuscated description

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 13 Start watching this issue

Created:: 23/Jun/2019 10:48 PM

Updated:: 22/May/2020 8:10 AM

Resolved:: 23/Jun/2019 10:48 PM

Jira Software Data Center

Details

Description

Attachments

Issue Links

Forms

Activity

[JSWSERVER-20111] Denial of service in issue searching through Epic Name ordering - CVE-2019-11583

Collapse comment: sbrown added a comment - 16/Jan/2020 5:53 PM

Expand comment: sbrown added a comment - 16/Jan/2020 5:53 PM

Collapse comment: Vas91 added a comment - 30/Dec/2019 6:56 AM, Edited by Vas91 - 01/Jan/2020 1:22 PM

Expand comment: Vas91 added a comment - 30/Dec/2019 6:56 AM, Edited by Vas91 - 01/Jan/2020 1:22 PM

Collapse comment: Prashant Karakanagoudar added a comment - 13/Nov/2019 2:19 PM

Expand comment: Prashant Karakanagoudar added a comment - 13/Nov/2019 2:19 PM

Collapse comment: Manoj Chhetry added a comment - 04/Nov/2019 8:57 PM

Expand comment: Manoj Chhetry added a comment - 04/Nov/2019 8:57 PM

People

Dates

Backbone Issue Sync