CVE-2019-14994

CWE-22 — Path Traversal4 documents4 sources

Severity

7.5HIGH

EPSS

1.7%

top 17.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Jira Service Desk Data Center Atlassian Jira Service Desk Server Atlassian Jira Service Desk

Timeline

PublishedSep 19

Latest updateMay 24

Description

The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or ra…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5atlassian/jira_service_desk_data_centerunspecified — 3.9.16+9

▶CVEListV5atlassian/jira_service_desk_serverunspecified — 3.9.16+9

▶NVDatlassian/jira_service_desk3.10.0 — 3.16.8+5

🔴Vulnerability Details

GHSA

GHSA-3px6-x742-ffjj: The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3↗2022-05-24

▶

CVEList

CVE-2019-14994: The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3↗2019-09-19

▶