Lucene search
HistoryAug 19, 2019 - 7:00 p.m.
URL Path Traversal in Jira Service Desk Server and Jira Service Desk Data Center Allows Information Disclosure - CVE-2019-14994
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.004
Percentile
73.1%
A URL path traversal vulnerability in Jira Service Desk Server and Jira Service Desk Data Center allows a remote attacker with portal access to view all issues from all projects in the affected instance. This could include Jira Service Desk projects, Jira Core projects, and Jira Software projects. Note that when the [Anyone can email the service desk or raise a request in the portal setting|https://confluence.atlassian.com/servicedeskserver/managing-access-to-your-service-desk-939926273.html] is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
h3. Affected Versions
- All versions prior to 3.9.16
- Versions from 3.10.0 prior to 3.16.8
- Versions from 4.0.0 prior to 4.1.3
- Versions from 4.2.0 prior to 4.2.5
- Versions from 4.3.0 prior to 4.3.4
- Version 4.4.0
h3. Workaround
- Block requests to Jira containing {{…}} at the reverse proxy or load balancer level
- Alternatively, configure Jira to redirect requests containing {{…}} to a safe URL via {{urlrewrite.xml}}
** Please see [Jira KB|https://confluence.atlassian.com/jirakb/migating-url-path-traversal-for-affected-cve-2019-14994-976762572.html] for workaround details - [Restart Jira|https://confluence.atlassian.com/adminjiraserver/start-and-stop-jira-applications-938847802.html]
Refer to the [Jira KB|https://confluence.atlassian.com/jirakb/migating-url-path-traversal-for-affected-cve-2019-14994-976762572.html] for more information on these workarounds.
h3. Fix
Note: Upgrading Jira Service Desk also requires upgrading Jira Core. Check the [compatibility matrix|https://confluence.atlassian.com/adminjira/jira-applications-compatibility-matrix-875304597.html] to find the equivalent version for your Jira Service Desk version.
- 4.4.1 which is available for download from [https://www.atlassian.com/software/jira/service-desk/update].
- 4.3.4 which is available for download from [https://www.atlassian.com/software/jira/service-desk/update].
- 4.2.5 which is available for download from [https://www.atlassian.com/software/jira/service-desk/update].
- 4.1.3 which is available for download from [https://www.atlassian.com/software/jira/service-desk/update].
- 3.16.8 which is available for download from [https://www.atlassian.com/software/jira/service-desk/update].
- 3.9.16 which is available for download from [https://www.atlassian.com/software/jira/service-desk/update].
For additional details, see the [full advisory|https://confluence.atlassian.com/jira/jira-service-desk-security-advisory-2019-09-11-976171274.html].
Affected configurations
Node
atlassianjira_service_managementRange≤1.0data_center
ORatlassianjira_service_managementRange≤1.0.3data_center
ORatlassianjira_service_managementRange≤1.0.4data_center
ORatlassianjira_service_managementRange≤1.1data_center
ORatlassianjira_service_managementRange≤1.1.1data_center
ORatlassianjira_service_managementRange≤1.1.2data_center
ORatlassianjira_service_managementRange≤1.1.3data_center
ORatlassianjira_service_managementRange≤1.1.4data_center
ORatlassianjira_service_managementRange≤1.1.5data_center
ORatlassianjira_service_managementRange≤1.1.6data_center
ORatlassianjira_service_managementRange≤1.2data_center
ORatlassianjira_service_managementRange≤1.2.0.1data_center
ORatlassianjira_service_managementRange≤1.2.0.2data_center
ORatlassianjira_service_managementRange≤1.2.1data_center
ORatlassianjira_service_managementRange≤1.2.4data_center
ORatlassianjira_service_managementRange≤1.2.4.1data_center
ORatlassianjira_service_managementRange≤1.2.5data_center
ORatlassianjira_service_managementRange≤1.2.6data_center
ORatlassianjira_service_managementRange≤1.2.6.1data_center
ORatlassianjira_service_managementRange≤1.2.7data_center
ORatlassianjira_service_managementRange≤2.0data_center
ORatlassianjira_service_managementRange≤2.0.1data_center
ORatlassianjira_service_managementRange≤2.0.2data_center
ORatlassianjira_service_managementRange≤2.0.4data_center
ORatlassianjira_service_managementRange≤2.0.3data_center
ORatlassianjira_service_managementRange≤2.1data_center
ORatlassianjira_service_managementRange≤2.1.1data_center
ORatlassianjira_service_managementRange≤2.1.2data_center
ORatlassianjira_service_managementRange≤2.2data_center
ORatlassianjira_service_managementRange≤2.2.1data_center
ORatlassianjira_service_managementRange≤2.3data_center
ORatlassianjira_service_managementRange≤2.3.2data_center
ORatlassianjira_service_managementRange≤2.3.3data_center
ORatlassianjira_service_managementRange≤2.3.4data_center
ORatlassianjira_service_managementRange≤2.3.5data_center
ORatlassianjira_service_managementRange≤2.3.6data_center
ORatlassianjira_service_managementRange≤2.4.1data_center
ORatlassianjira_service_managementRange≤2.4.2data_center
ORatlassianjira_service_managementRange≤2.4.3data_center
ORatlassianjira_service_managementRange≤2.5.0data_center
ORatlassianjira_service_managementRange≤2.5.2data_center
ORatlassianjira_service_managementRange≤2.5.3data_center
ORatlassianjira_service_managementRange≤2.5.4data_center
ORatlassianjira_service_managementRange≤2.5.6data_center
ORatlassianjira_service_managementRange≤3.0.0data_center
ORatlassianjira_service_managementRange≤3.1.0data_center
ORatlassianjira_service_managementRange≤2.5.8data_center
ORatlassianjira_service_managementRange≤3.0.2data_center
ORatlassianjira_service_managementRange≤2.5.9data_center
ORatlassianjira_service_managementRange≤3.0.4data_center
ORatlassianjira_service_managementRange≤3.0.5data_center
ORatlassianjira_service_managementRange≤3.0.9data_center
ORatlassianjira_service_managementRange≤3.0.10data_center
ORatlassianjira_service_managementRange≤3.1.1data_center
ORatlassianjira_service_managementRange≤3.1.2data_center
ORatlassianjira_service_managementRange≤3.1.4data_center
ORatlassianjira_service_managementRange≤3.1.5data_center
ORatlassianjira_service_managementRange≤3.1.6data_center
ORatlassianjira_service_managementRange≤3.1.7data_center
ORatlassianjira_service_managementRange≤3.1.8data_center
ORatlassianjira_service_managementRange≤3.1.9data_center
ORatlassianjira_service_managementRange≤3.2.0data_center
ORatlassianjira_service_managementRange≤3.2.1data_center
ORatlassianjira_service_managementRange≤3.2.2data_center
ORatlassianjira_service_managementRange≤3.2.3data_center
ORatlassianjira_service_managementRange≤3.2.4data_center
ORatlassianjira_service_managementRange≤3.2.5data_center
ORatlassianjira_service_managementRange≤3.2.6data_center
ORatlassianjira_service_managementRange≤3.2.7data_center
ORatlassianjira_service_managementRange≤3.2.8data_center
ORatlassianjira_service_managementRange≤3.2.9data_center
ORatlassianjira_service_managementRange≤3.2.11data_center
ORatlassianjira_service_managementRange≤3.2.10data_center
ORatlassianjira_service_managementRange≤3.2.12data_center
ORatlassianjira_service_managementRange≤3.2.13data_center
ORatlassianjira_service_managementRange≤3.2.14data_center
ORatlassianjira_service_managementRange≤3.2.15data_center
ORatlassianjira_service_managementRange≤3.3.0data_center
ORatlassianjira_service_managementRange≤3.3.1data_center
ORatlassianjira_service_managementRange≤3.3.2data_center
ORatlassianjira_service_managementRange≤3.4.0data_center
ORatlassianjira_service_managementRange≤3.4.1data_center
ORatlassianjira_service_managementRange≤3.4.2data_center
ORatlassianjira_service_managementRange≤3.5.0data_center
ORatlassianjira_service_managementRange≤3.5.1data_center
ORatlassianjira_service_managementRange≤3.5.2data_center
ORatlassianjira_service_managementRange≤3.5.3data_center
ORatlassianjira_service_managementRange≤3.6.0data_center
ORatlassianjira_service_managementRange≤3.6.1data_center
ORatlassianjira_service_managementRange≤3.6.2data_center
ORatlassianjira_service_managementRange≤3.6.4data_center
ORatlassianjira_service_managementRange≤3.7.0data_center
ORatlassianjira_service_managementRange≤3.7.1data_center
ORatlassianjira_service_managementRange≤3.7.2data_center
ORatlassianjira_service_managementRange≤3.8.1data_center
ORatlassianjira_service_managementRange≤3.8.2data_center
ORatlassianjira_service_managementRange≤3.8.3data_center
ORatlassianjira_service_managementRange≤3.8.4data_center
ORatlassianjira_service_managementRange≤3.8.5data_center
ORatlassianjira_service_managementRange≤3.9.0data_center
ORatlassianjira_service_managementRange≤3.9.1data_center
ORatlassianjira_service_managementRange≤3.9.2data_center
ORatlassianjira_service_managementRange≤3.9.3data_center
ORatlassianjira_service_managementRange≤3.9.4data_center
ORatlassianjira_service_managementRange≤3.9.6data_center
ORatlassianjira_service_managementRange≤3.9.7data_center
ORatlassianjira_service_managementRange≤3.9.8data_center
ORatlassianjira_service_managementRange≤3.9.9data_center
ORatlassianjira_service_managementRange≤3.9.10data_center
ORatlassianjira_service_managementRange≤3.9.11data_center
ORatlassianjira_service_managementRange≤3.10.0data_center
ORatlassianjira_service_managementRange≤3.10.1data_center
ORatlassianjira_service_managementRange≤3.10.2data_center
ORatlassianjira_service_managementRange≤3.10.4data_center
ORatlassianjira_service_managementRange≤3.11.0data_center
ORatlassianjira_service_managementRange≤3.11.1data_center
ORatlassianjira_service_managementRange≤3.11.2data_center
ORatlassianjira_service_managementRange≤3.11.4data_center
ORatlassianjira_service_managementRange≤3.12.0data_center
ORatlassianjira_service_managementRange≤3.12.2data_center
ORatlassianjira_service_managementRange≤3.13.0data_center
ORatlassianjira_service_managementRange≤3.13.1data_center
ORatlassianjira_service_managementRange≤3.13.2data_center
ORatlassianjira_service_managementRange≤3.14.0data_center
ORatlassianjira_service_managementRange≤3.14.1data_center
ORatlassianjira_service_managementRange≤3.14.2data_center
ORatlassianjira_service_managementRange≤3.15.0data_center
ORatlassianjira_service_managementRange≤3.15.1data_center
ORatlassianjira_service_managementRange≤3.15.2data_center
ORatlassianjira_service_managementRange≤3.15.3data_center
ORatlassianjira_service_managementRange≤3.16.0data_center
ORatlassianjira_service_managementRange≤3.16.1data_center
ORatlassianjira_service_managementRange≤4.0.0data_center
ORatlassianjira_service_managementRange≤3.9.12data_center
ORatlassianjira_service_managementRange≤3.16.2data_center
ORatlassianjira_service_managementRange≤4.0.2data_center
ORatlassianjira_service_managementRange≤4.1.0data_center
ORatlassianjira_service_managementRange≤4.0.3data_center
ORatlassianjira_service_managementRange≤3.9.13data_center
ORatlassianjira_service_managementRange≤3.16.3data_center
ORatlassianjira_service_managementRange≤4.1.1data_center
ORatlassianjira_service_managementRange≤4.2.0data_center
ORatlassianjira_service_managementRange≤3.16.4data_center
ORatlassianjira_service_managementRange≤4.1.2data_center
ORatlassianjira_service_managementRange≤3.9.14data_center
ORatlassianjira_service_managementRange≤4.3.0data_center
ORatlassianjira_service_managementRange≤4.2.1data_center
ORatlassianjira_service_managementRange≤4.4.0data_center
ORatlassianjira_service_managementRange≤4.2.2data_center
ORatlassianjira_service_managementRange≤3.16.5data_center
ORatlassianjira_service_managementRange≤4.2.3data_center
ORatlassianjira_service_managementRange≤4.3.1data_center
ORatlassianjira_service_managementRange≤3.16.6data_center
ORatlassianjira_service_managementRange≤4.1.3data_center
ORatlassianjira_service_managementRange≤3.9.15data_center
ORatlassianjira_service_managementRange≤4.2.4data_center
ORatlassianjira_service_managementRange≤4.3.2data_center
ORatlassianjira_service_managementRange≤4.3.3data_center
ORatlassianjira_service_managementRange<4.1.3data_center
ORatlassianjira_service_managementRange<3.9.16data_center
ORatlassianjira_service_managementRange<4.4.1data_center
ORatlassianjira_service_managementRange<4.2.5data_center
ORatlassianjira_service_managementRange<4.3.4data_center
ORatlassianjira_service_managementRange<3.16.8data_center
| Vendor | Product | Version | CPE |
|---|---|---|---|
| atlassian | jira_service_management | * | cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:* |
Related
zdt
zdt
Jira Service Desk Server And Data Center Path Traversal Vulnerability
2019-09-23 00:00:00
nvd
nvd
CVE-2019-14994
2019-09-19 15:15:15
nessus
nessus
Atlassian JIRA Service Desk Path Traversal Vulnerability (2019-09-18)
2019-09-30 00:00:00
Atlassian JIRA Service Desk Path Traversal Vulnerability (2019-09-18)
2019-09-30 00:00:00
cvelist
cvelist
CVE-2019-14994
2019-09-19 14:20:53
cve
cve
CVE-2019-14994
2019-09-19 15:15:15
atlassian
atlassian
prion
prion
Path traversal
2019-09-19 15:15:00
checkpoint_advisories
checkpoint_advisories
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.004
Percentile
73.1%
Related for JSDSERVER-6517