CVE-2019-15004: Path Traversal in Atlassian Jira Service Desk Data Center

CWE-22: Path Traversal | 3 documents | 3 sources
Severity: 7.5 HIGH (NVD)
EPSS: 4.4% (top 10.99%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 7 | Latest update May 24

Description

The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

CVEListV5 | atlassian/jira_service_desk_data_center | unspecified | 3.9.17 | +10
CVEListV5 | atlassian/jira_service_desk_server | unspecified | 3.9.17 | +10
NVD | atlassian/jira_service_desk | 3.10.0 | 3.16.10 | +5

Vulnerability Details (2)

GHSA | GHSA-6qgm-96gr-qq5m: The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3 | 2022-05-24
CVEList | CVE-2019-15004: The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3 | 2019-11-07