CVE-2019-15004

Name of the Vulnerable Software and Affected Versions Atlassian Jira Service Desk Server versions prior to 3.9.17 Atlassian Jira Service Desk Server versions 3.10.0 through 3.16.10 Atlassian Jira Service Desk Server versions 4.0.0 through 4.2.6 Atlassian Jira Service Desk Server versions 4.3.0 through 4.3.5 Atlassian Jira Service Desk Server versions 4.4.0 through 4.4.3 Atlassian Jira Service Desk Server versions 4.5.0 through 4.5.1 Atlassian Jira Service Desk Data Center versions prior to 3.9.17 Atlassian Jira Service Desk Data Center versions 3.10.0 through 3.16.10 Atlassian Jira Service Desk Data Center versions 4.0.0 through 4.2.6 Atlassian Jira Service Desk Data Center versions 4.3.0 through 4.3.5 Atlassian Jira Service Desk Data Center versions 4.4.0 through 4.4.3 Atlassian Jira Service Desk Data Center versions 4.5.0 through 4.5.1

Description The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center contains a path traversal vulnerability. This vulnerability allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects. If the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access and exploit the vulnerability.

Recommendations For Atlassian Jira Service Desk Server versions prior to 3.9.17, update to version 3.9.17 or later. For Atlassian Jira Service Desk Server versions 3.10.0 through 3.16.10, update to version 3.16.10 or later. For Atlassian Jira Service Desk Server versions 4.0.0 through 4.2.6, update to version 4.2.6 or later. For Atlassian Jira Service Desk Server versions 4.3.0 through 4.3.5, update to version 4.3.5 or later. For Atlassian Jira Service Desk Server versions 4.4.0 through 4.4.3, update to version 4.4.3 or later. For Atlassian Jira Service Desk Server versions 4.5.0 through 4.5.1, update to version 4.5.1 or later. For Atlassian Jira Service Desk Data Center versions prior to 3.9.17, update to version 3.9.17 or later. For Atlassian Jira Service Desk Data Center versions 3.10.0 through 3.16.10, update to version 3.16.10 or later. For Atlassian Jira Service Desk Data Center versions 4.0.0 through 4.2.6, update to version 4.2.6 or later. For Atlassian Jira Service Desk Data Center versions 4.3.0 through 4.3.5, update to version 4.3.5 or later. For Atlassian Jira Service Desk Data Center versions 4.4.0 through 4.4.3, update to version 4.4.3 or later. For Atlassian Jira Service Desk Data Center versions 4.5.0 through 4.5.1, update to version 4.5.1 or later.