URL Path Traversal in Jira Service Desk Server and Jira Service Desk Data Center Allows Information Disclosure - CVE-2019-14994

2019-08-1919:00:32

[email protected]

jira.atlassian.com

EPSS

0.004

Percentile

73.1%

JSON

A URL path traversal vulnerability in Jira Service Desk Server and Jira Service Desk Data Center allows a remote attacker with portal access to view all issues from all projects in the affected instance. This could include Jira Service Desk projects, Jira Core projects, and Jira Software projects. Note that when the [Anyone can email the service desk or raise a request in the portal setting|https://confluence.atlassian.com/servicedeskserver/managing-access-to-your-service-desk-939926273.html] is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
h3. Affected Versions

All versions prior to 3.9.16
Versions from 3.10.0 prior to 3.16.8
Versions from 4.0.0 prior to 4.1.3
Versions from 4.2.0 prior to 4.2.5
Versions from 4.3.0 prior to 4.3.4
Version 4.4.0

h3. Workaround

Block requests to Jira containing {{…}} at the reverse proxy or load balancer level
Alternatively, configure Jira to redirect requests containing {{…}} to a safe URL via {{urlrewrite.xml}}
** Please see [Jira KB|https://confluence.atlassian.com/jirakb/migating-url-path-traversal-for-affected-cve-2019-14994-976762572.html] for workaround details
[Restart Jira|https://confluence.atlassian.com/adminjiraserver/start-and-stop-jira-applications-938847802.html]

Refer to the [Jira KB|https://confluence.atlassian.com/jirakb/migating-url-path-traversal-for-affected-cve-2019-14994-976762572.html] for more information on these workarounds.
h3. Fix

Note: Upgrading Jira Service Desk also requires upgrading Jira Core. Check the [compatibility matrix|https://confluence.atlassian.com/adminjira/jira-applications-compatibility-matrix-875304597.html] to find the equivalent version for your Jira Service Desk version.