Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center

buy Lyrica usa Overview :
The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the ‘Anyone can email the service desk or raise a request in the portal’ setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
Deventer Affected Product(s) :
  • Jira Service Desk Server
  • Jira Service Desk Data Center
Vulnerability Details :
CVE ID : CVE-2019-14994
CVSS v3.1 Severity and Metrics. Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (V3.1 legend)
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) (CWE-22)
CVE ID : CVE-2019-15001
CVSS v2.0 Severity and Metrics. Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C) (V2 legend)
Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) (CWE-74)

Solution : fix using latest updates

 

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-21513 : LANGCHAIN-EXPERIMENTAL UP TO 0.0.20 DATABASE EVAL CODE INJECTION

CVE-2024-21513 : LANGCHAIN-EXPERIMENTAL UP TO 0.0.20 DATABASE EVAL CODE INJECTION

Description Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values

CVE-2024-6737 : 2100 TECHNOLOGY ELECTRONIC OFFICIAL DOCUMENT MANAGEMENT SYSTEM UP TO 5.0.76 SETTING ACCESS CONTROL

CVE-2024-6737 : 2100 TECHNOLOGY ELECTRONIC OFFICIAL DOCUMENT MANAGEMENT SYSTEM UP TO 5.0.76 SETTING ACCESS CONTROL

Description The access control in the Electronic Official Document Management System from 2100 TECHNOLOGY is not properly implemented, allowing remote

CVE-2024-6345 : PYPA SETUPTOOLS UP TO 69.1.1 PACKAGE_INDEX CODE INJECTION

CVE-2024-6345 : PYPA SETUPTOOLS UP TO 69.1.1 PACKAGE_INDEX CODE INJECTION

Description A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its