CVE-2019-15005

Severity: 4.3 MEDIUM
EPSS: 0.2% (top 55.95%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 8
Latest update: May 24

Description

The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server /

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (15 packages)

CVEListV5  atlassian/jira_server  unspecified  8.3.2
CVEListV5  atlassian/bitbucket_server  unspecified  6.6.0
CVEListV5  atlassian/confluence_server  unspecified  7.0.1
CVEListV5  atlassian/crowd  unspecified  3.6.0
NVD  atlassian/crowd  < 3.6.0

Vulnerability Details (2)
GHSA
GHSA-3xw8-mq4w-hh6g: The Atlassian Troubleshooting and Support Tools plugin prior to version 1 (2022-05-24)
CVEList
CVE-2019-15005: The Atlassian Troubleshooting and Support Tools plugin prior to version 1 (2019-11-08)