• Type: Bug
• Resolution: Fixed
• Priority: Low (View bug fix roadmap)
• Fix Version/s: 8.3.2
• Affects Version/s: 8.0.0, 8.1.0, 8.0.1, 8.0.2, 8.0.3, 8.1.1, 8.0.4, 8.2.0, 8.1.2, 8.2.1, 8.2.2, 8.2.3, 8.3.0, 8.3.1, 8.2.4, 8.2.5, 8.1.3
• Component/s: UPM (Universal Plugin Manager)
• Labels:

  • CVE-2019-15005
  • advisory
  • advisory-released
  • improper-authorization
  • security

[JSWSERVER-20255] Improper Authorization in Jira Server through ATST Plugin - CVE-2019-15005

Said made changes - 10/Dec/2019 3:24 AM

Labels

Original: CVE-2019-15005 advisory advisory-released security

New: CVE-2019-15005 advisory advisory-released improper-authorization security

David Black made changes - 08/Nov/2019 3:49 AM

Labels

Original: CVE-2019-15005 advisory advisory-released advisory-to-release security

New: CVE-2019-15005 advisory advisory-released security

David Black made changes - 08/Nov/2019 3:48 AM

Labels	Original: CVE-2019-15005 advisory advisory-to-release security	New: CVE-2019-15005 advisory advisory-released advisory-to-release security
Security	Original: Atlassian Staff [ 10750 ]

David Black made changes - 07/Nov/2019 9:54 PM

Description

Original:  The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2 in Jira Server & Jira Data Center before 8.3.2, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into.

New:  The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2 which was used in Jira Server & Jira Data Center before version 8.3.2, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into.

David Black made changes - 07/Nov/2019 9:52 PM

Description

Original:  The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2 in Jira Server / Data Center from 8.0.0 and before 8.3.2, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into.

New:  The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2 in Jira Server & Jira Data Center before 8.3.2, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into.

David Black made changes - 03/Nov/2019 11:31 PM

Link

New: This issue relates to BSERV-11960 [ BSERV-11960 ]

David Black made changes - 03/Nov/2019 11:30 PM

Labels

Original: advisory advisory-to-release cve-2019-15003 security

New: CVE-2019-15005 advisory advisory-to-release security

David Black made changes - 03/Nov/2019 11:30 PM

Summary

Original: Improper Authorization in Jira Server through ATST Plugin - CVE-2019-15003

New: Improper Authorization in Jira Server through ATST Plugin - CVE-2019-15005

Yasmine made changes - 09/Oct/2019 5:03 PM

Component/s		New: UPM (Universal Plugin Manager) [ 12971 ]
Component/s	Original: AgileBoard [ 14190 ]

Yasmine made changes - 09/Oct/2019 5:00 PM

Link

Original: This issue is cloned from BSERV-11960 [ BSERV-11960 ]

Load more older history items