[JSWSERVER-20111] Denial of service in issue searching through Epic Name ordering - CVE-2019-11583 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Medium (View bug fix roadmap)
Fix Version/s: 8.1.0, 7.13.4
Affects Version/s: 7.2.15, 8.0.0, 7.13.1, 7.6.11
Component/s: Epics
Labels:

Fixed in Long Term Support Release/s:

Download 7.13
Introduced in Version:
7.02
Symptom Severity:
Severity 1 - Critical
Bug Fix Policy:
View Atlassian Server bug fix policy

The issue searching component in Jira before version 8.1.0 allows remote attackers to
deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name".

mentioned in: Page Failed to load

set-jac-bot made changes - 22/May/2020 8:10 AM

Fixed in Enterprise Release/s

New: [Download 7.13|https://confluence.atlassian.com/enterprise/atlassian-enterprise-releases-948227420.html]

Said made changes - 10/Dec/2019 4:23 AM

Labels

Original: CVE-2019-11583 advisory advisory-released cvss-medium denial-of-service pse-request security

New: CVE-2019-11583 advisory advisory-released application-dos cvss-medium denial-of-service pse-request security

Robbie (Inactive) made changes - 12/Aug/2019 3:12 PM

Fix Version/s

New: 7.13.4 [ 86493 ]

Clement made changes - 09/Aug/2019 12:55 AM

Remote Link

New: This issue links to "Page (Confluence)" [ 442441 ]

David Black made changes - 23/Jun/2019 10:59 PM

Description

Original: obfuscated description

New: obfuscated description

David Black made changes - 23/Jun/2019 10:54 PM

Description

Original: obfuscated description

New: obfuscated description

David Black made changes - 23/Jun/2019 10:51 PM

Security

Original: Atlassian Staff [ 10750 ]

David Black made changes - 23/Jun/2019 10:51 PM

Labels

Original: CVE-2019-11583 advisory advisory-to-release cvss-medium denial-of-service pse-request security

New: CVE-2019-11583 advisory advisory-released cvss-medium denial-of-service pse-request security

David Black made changes - 23/Jun/2019 10:51 PM

Labels

Original: advisory advisory-to-release cvss-medium denial-of-service pse-request security

New: CVE-2019-11583 advisory advisory-to-release cvss-medium denial-of-service pse-request security

David Black made changes - 23/Jun/2019 10:51 PM

Summary

Original: Denial of service in issue searching through Epic Name ordering -

New: Denial of service in issue searching through Epic Name ordering - CVE-2019-11583

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 13 Start watching this issue

Created:: 23/Jun/2019 10:48 PM

Updated:: 22/May/2020 8:10 AM

Resolved:: 23/Jun/2019 10:48 PM

Jira Software Data Center

Details

Description

Attachments

Issue Links

Forms

Activity

[JSWSERVER-20111] Denial of service in issue searching through Epic Name ordering - CVE-2019-11583

People

Dates

Backbone Issue Sync