The vulnerable system is not bound to the network stack and the attacker’s path is via read/write/execute capabilities. Either: the attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or through terminal emulation (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document).
Attack Complexity
Low
AC
The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system.
Attack Requirements
Present
AT
The successful attack depends on the presence of specific deployment and execution conditions of the vulnerable system that enable the attack. These include: A race condition must be won to successfully exploit the vulnerability. The successfulness of the attack is conditioned on execution conditions that are not under full control of the attacker. The attack may need to be launched multiple times against a single target before being successful. Network injection. The attacker must inject themselves into the logical network path between the target and the resource requested by the victim (e.g. vulnerabilities requiring an on-path attacker).
Privileges Required
None
PR
The attacker is unauthenticated prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack.
User Interaction
None
UI
The vulnerable system can be exploited without interaction from any human user, other than the attacker. Examples include: a remote attacker is able to send packets to a target system a locally authenticated attacker executes code to elevate privileges
Scope
S
An exploited vulnerability can affect resources beyond the security scope managed by the security authority that is managing the vulnerable component. This is often referred to as a 'privilege escalation,' where the attacker can use the exploited vulnerability to gain control of resources that were not intended or authorized.
Confidentiality
High
C
There is total information disclosure, resulting in all data on the system being revealed to the attacker, or there is a possibility of the attacker gaining control over confidential data.
Integrity
High
I
There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the attacker being able to modify any file on the target system.
Availability
High
A
There is a total shutdown of the affected resource. The attacker can deny access to the system or data, potentially causing significant loss to the organization.
Below is a copy: Jira Service Desk Server / Data Center Path Traversal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
This email refers to the advisory found at
https://confluence.atlassian.com/jira/jira-service-desk-security-advisory-2019-11-06-979412717.html
.
CVE ID:
* CVE-2019-15003
* CVE-2019-15004
Product: Jira Service Desk Server and Data Center.
Affected Jira Service Desk Server and Data Center product versions:
version < 3.9.17
3.10.0 <= version < 3.16.11
4.0.0 <= version < 4.2.6
4.3.0 <= version < 4.3.5
4.4.0 <= version < 4.4.3
4.5.0 <= version < 4.5.1
Fixed Jira Service Desk Server and Data Center product versions:
* for 3.9.x, Jira Service Desk Server and Data Center 3.9.17 has been released
with a fix for this issue.
* for 3.16.x, Jira Service Desk Server and Data Center 3.16.11 has been released
with a fix for this issue.
* for 4.2.x, Jira Service Desk Server and Data Center 4.2.6 has been released
with a fix for this issue.
* for 4.3.x, Jira Service Desk Server and Data Center 4.3.5 has been released
with a fix for this issue.
* for 4.4.x, Jira Service Desk Server and Data Center 4.4.3 has been released
with a fix for this issue.
* for 4.5.x, Jira Service Desk Server and Data Center 4.5.1 has been released
with a fix for this issue.
Summary:
This advisory discloses a critical severity security vulnerability. Versions of
Jira Service Desk Server and Data Center are affected by this vulnerability.
Customers who have upgraded Jira Service Desk Server and Data Center to version
3.9.17 or 3.16.11 or 4.2.6 or 4.3.5 or 4.4.3 or 4.5.1 are not affected.
Customers who have downloaded and installed Jira Service Desk Server and Data
Center less than 3.9.17 (the fixed version for 3.9.x) or who have downloaded and
installed Jira Service Desk Server and Data Center >= 3.10.0 but less than
3.16.11 (the fixed version for 3.16.x) or who have downloaded and installed Jira
Service Desk Server and Data Center >= 4.0.0 but less than 4.2.6 (the fixed
version for 4.2.x) or who have downloaded and installed Jira Service Desk Server
and Data Center >= 4.3.0 but less than 4.3.5 (the fixed version for 4.3.x) or
who have downloaded and installed Jira Service Desk Server and Data Center >=
4.4.0 but less than 4.4.3 (the fixed version for 4.4.x) or who have downloaded
and installed Jira Service Desk Server and Data Center >= 4.5.0 but less than
4.5.1 (the fixed version for 4.5.x) please upgrade your Jira Service Desk Server
and Data Center installations immediately to fix this vulnerability.
URL path traversal allows information disclosure - CVE-2019-15003
Severity:
Atlassian rates the severity level of this vulnerability as critical, according
to the scale published in our Atlassian severity levels. The scale allows us to
rank the severity as critical, high, moderate or low.
This is our assessment and you should evaluate its applicability to your own IT
environment.
Description:
By design, Jira Service Desk gives customer portal users permissions only to
raise requests and view issues. This allows users to interact with the customer
portal without having direct access to Jira. These restrictions can be bypassed
by a remote attacker with portal access who exploits a path traversal
vulnerability. Note that attackers can grant themselves access to Jira Service
Desk portals that have the Anyone can email the service desk or raise a request
in the portal setting enabled. Exploitation allows an attacker to view all
issues within all Jira projects contained in the vulnerable instance. This could
include Jira Service Desk projects, Jira Core projects, and Jira Software
projects.
Versions of Jira Service Desk Server and Data Center all versions before 3.9.17
(the fixed version for 3.9.x), from version 3.10.0 before 3.16.10 (the fixed
version for 3.16.x), from version 4.0.0 before 4.2.6 (the fixed version for
4.2.x), from version 4.3.0 before 4.3.5 (the fixed version for 4.3.x), from
version 4.4.0 before 4.4.3 (the fixed version for 4.4.x), and from version 4.5.0
before 4.5.1 (the fixed version for 4.5.x) are affected by this vulnerability.
This issue can be tracked at: https://jira.atlassian.com/browse/JSDSERVER-6589
.
Fix:
To address this issue, we've released the following versions containing a fix:
* Jira Service Desk Server and Data Center version 3.9.17
* Jira Service Desk Server and Data Center version 3.16.11
* Jira Service Desk Server and Data Center version 4.2.6
* Jira Service Desk Server and Data Center version 4.3.5
* Jira Service Desk Server and Data Center version 4.4.3
* Jira Service Desk Server and Data Center version 4.5.1
Remediation:
Upgrade Jira Service Desk Server and Data Center to version 4.5.1 or higher.
The vulnerabilities and fix versions are described above. If affected, you
should upgrade to the latest version immediately.
If you are running Jira Service Desk Server and Data Center 3.9.x and cannot
upgrade to 4.5.1, upgrade to version 3.9.17.
If you are running Jira Service Desk Server and Data Center 3.16.x and cannot
upgrade to 4.5.1, upgrade to version 3.16.11.
If you are running Jira Service Desk Server and Data Center 4.2.x and cannot
upgrade to 4.5.1, upgrade to version 4.2.6.
If you are running Jira Service Desk Server and Data Center 4.3.x and cannot
upgrade to 4.5.1, upgrade to version 4.3.5.
If you are running Jira Service Desk Server and Data Center 4.4.x and cannot
upgrade to 4.5.1, upgrade to version 4.4.3.
For a full description of the latest version of Jira Service Desk Server and
Data Center, see
the release notes found at
https://confluence.atlassian.com/servicedesk/jira-service-desk-release-notes-780083086.html.
You can download the latest version of Jira Service Desk Server and Data Center
from the download centre found at
https://www.atlassian.com/software/jira/service-desk/download.
Support:
If you have questions or concerns regarding this advisory, please raise a
support request at https://support.atlassian.com/.
-----BEGIN PGP SIGNATURE-----
iQJLBAEBCgA1FiEEXh3qw5vbMx/VSutRJCCXorxSdqAFAl3E4DkXHHNlY3VyaXR5
QGF0bGFzc2lhbi5jb20ACgkQJCCXorxSdqCHlhAAms1Ea3KA/TJEtsdOtlH3kw4h
1wN3Pk18v986BwDsE06pO3HsY8ra608o1Pzx++AVdLnPQU+fIBUfg2SKBIn/ACGS
7s8qKCzcveZsCnZqHJaaSNYubGxiT20QnxfBDh8tTCJzp0m5s9zdArNb4kITUsWT
pLH0gQ/cPx4Ureb8nO2JpcpU9joJdAODU7NCF+jRCmDreYJBWwROGtCnP4VPmquC
v0CsvfMAFENscvAszxAybXNG5CoiBjb0+qwJq8K6yWeu6c5kwGoh7k90Hk5JdDJm
z1MTJb6T9FTHvlmfGUfCOVFpvFtuNzFaPBhxfKaHHYlksOnXzTHztlJsi+nuojyE
FAONVh3Fcq+cL2DB/jAOxnBgcWvOIWYkgNkRFyZIZ+y09LuFTowzlShy9+RC9+0z
kH+w7HKgA0gSeJvvrgTW5BUaOklvT7wVKMmG+aEz0w32kJhPwPIgcPtIQ2uAYj9C
uJKP5FwKULoWUXMDWclrY3xMxSRL/g7bv0ZAVlGzLdtFBkr0zZexdm/FJoAr7nQU
7Et0TjVKHzr00Y0kCVO/fmN3BWK12iNrOZZ1Vo4j/u8xL7BxqqimrlN1jfv+46lt
t8LF2JwCaVV9qirrVJDj6T650aLyXdKgTYrrvJtXjCnmnhixd/t1yDcnd585iKva
xgbVIqGBDtaP+lRrsTs=
=TvXO
-----END PGP SIGNATURE-----
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum