CVE-2019-15003: Path Traversal in Atlassian Jira Service Desk Data Center

CWE-22: Path Traversal | 3 documents | 3 sources

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.5% (top 33.60%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 7 | Latest update May 24

Description

The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (3 packages)

CVEListV5 | atlassian/jira_service_desk_data_center | unspecified | 3.9.17 | +10
CVEListV5 | atlassian/jira_service_desk_server | unspecified | 3.9.17 | +10
NVD | atlassian/jira_service_desk | 3.10.0 | 3.16.10 | +5

Vulnerability Details (2)

GHSA
GHSA-3hpc-662x-gv32: The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3 (2022-05-24)
CVEList
CVE-2019-15003: The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3 (2019-11-07)