[JSWSERVER-20255] Improper Authorization in Jira Server through ATST Plugin - CVE-2019-15005 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: Low (View bug fix roadmap)
Fix Version/s: 8.3.2
Affects Version/s: 8.0.0, 8.1.0, 8.0.1, 8.0.2, 8.0.3, 8.1.1, 8.0.4, 8.2.0, 8.1.2, 8.2.1, 8.2.2, 8.2.3, 8.3.0, 8.3.1, 8.2.4, 8.2.5, 8.1.3
Component/s: UPM (Universal Plugin Manager)
Labels:

Introduced in Version:
8
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2 which was used in Jira Server & Jira Data Center before version 8.3.2, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into.

relates to

BSERV-11960 Improper Authorization in Bitbucket Server through ATST Plugin - CVE-2019-15005

Closed

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 1 Start watching this issue

Created:: 25/Sep/2019 9:26 PM

Updated:: 10/Dec/2019 3:24 AM

Resolved:: 25/Sep/2019 9:35 PM

Jira Software Data Center

Details

Description

Attachments

Issue Links

Forms

Activity

[JSWSERVER-20255] Improper Authorization in Jira Server through ATST Plugin - CVE-2019-15005

People

Dates

Backbone Issue Sync