Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center

buy Lyrica usa Overview :

The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the ‘Anyone can email the service desk or raise a request in the portal’ setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.

Deventer Affected Product(s) :

Jira Service Desk Server
Jira Service Desk Data Center

Vulnerability Details :

CVE ID :	CVE-2019-14994
	CVSS v3.1 Severity and Metrics. Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (V3.1 legend)
	Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) (CWE-22)

CVE ID :	CVE-2019-15001
	CVSS v2.0 Severity and Metrics. Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C) (V2 legend)
	Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) (CWE-74)

Solution : fix using latest updates

Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-29204 : IVANTI AVALANCHE UP TO 6.4.2 WLAVALANCHESERVICE HEAP-BASED OVERFLOW

CVE-2024-31869 : APACHE AIRFLOW UP TO 2.8.4 CONFIGURATION UI PAGE INFORMATION DISCLOSURE

CVE-2024-24856 : LINUX KERNEL UP TO 6.8 ACPI_ALLOCATE_ZEROED NULL POINTER DEREFERENCE