Path traversal in Atlassian Jira Service Desk
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-14994 |
| CWE-ID | CWE-22 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
Jira Service Management Server Server applications / Other server solutions |
| Vendor | Atlassian |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Path traversal
EUVDB-ID: #VU21272
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-14994
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists in the Customer Context Filter Jira Service Desk Server and Jira Service Desk Data Center due to input validation error when processing directory traversal sequences. A remote attacker with portal access can send a specially crafted HTTP request and gain view of all issues from all projects in the affected instance, such as Jira Service Desk projects, Jira Core projects, and Jira Software projects.
Note: When the "Anyone can email the service desk or raise a request in the portal setting" is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
MitigationInstall updates from vendor's website.
Vulnerable software versionsJira Service Management Server: 1.0 - 4.4.0
External linkshttp://jira.atlassian.com/browse/JSDSERVER-6517
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
