Main Vulnerability Database Exploits ID:2261 - Exploit for Path traversal in Jira Service Management Server - CVE-2019-14994

ID:2261 - Exploit for Path traversal in Jira Service Management Server - CVE-2019-14994

Published: April 5, 2020

Vulnerability identifier: #VU21272

Vulnerability risk: Medium

CVE-ID: CVE-2019-14994

CWE-ID: CWE-22

Exploitation vector: Remote access

Vulnerable software:
Jira Service Management Server

Link to public exploit:

https://github.com/bugbounty-site/exploits

Vulnerability description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists in the Customer Context Filter Jira Service Desk Server and Jira Service Desk Data Center due to input validation error when processing directory traversal sequences. A remote attacker with portal access can send a specially crafted HTTP request and gain view of all issues from all projects in the affected instance, such as Jira Service Desk projects, Jira Core projects, and Jira Software projects.

Note: When the "Anyone can email the service desk or raise a request in the portal setting" is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.

Remediation

Install updates from vendor's website.

ID:2261 - Exploit for Path traversal in Jira Service Management Server - CVE-2019-14994

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human