PT-2019-13930 · Atlassian · Jira+8

Julian Frey +1 · Published 2019-11-08 · Updated 2019-11-14 · CVE-2019-15005

CVSS v3.1: 4.3 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Atlassian Troubleshooting and Support Tools plugin versions prior to 1.17.2
Bitbucket Server / Data Center versions prior to 6.6.0
Confluence Server / Data Center versions prior to 7.0.1
Jira Server / Data Center versions prior to 8.3.2
Crowd / Crowd Data Center versions prior to 3.6.0
Fisheye versions prior to 4.7.2
Crucible versions prior to 4.7.2
Bamboo versions prior to 6.10.2

Description

The issue allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into.

Recommendations

Update the Atlassian Troubleshooting and Support Tools plugin to version 1.17.2 or later.
Update Bitbucket Server / Data Center to version 6.6.0 or later.
Update Confluence Server / Data Center to version 7.0.1 or later.
Update Jira Server / Data Center to version 8.3.2 or later.
Update Crowd / Crowd Data Center to version 3.6.0 or later.
Update Fisheye to version 4.7.2 or later.
Update Crucible to version 4.7.2 or later.
Update Bamboo to version 6.10.2 or later.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2019-15005

Affected Products

Troubleshooting/Support Tools
Bamboo
Bitbucket
Bitbucket Server
Confluence
Crowd
Crucible
Fisheye
Jira