Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center

Overview :
The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the ‘Anyone can email the service desk or raise a request in the portal’ setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
Affected Product(s) :
  • Jira Service Desk Server
  • Jira Service Desk Data Center
Vulnerability Details :
CVE ID : CVE-2019-14994
CVSS v3.1 Severity and Metrics. Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (V3.1 legend)
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) (CWE-22)
CVE ID : CVE-2019-15001
CVSS v2.0 Severity and Metrics. Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C) (V2 legend)
Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) (CWE-74)

Solution : fix using latest updates

 

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-1840 : Home Clean Services Management System Stored Cross-Site Scripting (XSS)

CVE-2022-1840 : Home Clean Services Management System Stored Cross-Site Scripting (XSS)

Description Persistent XSS (or Stored XSS) attack is one of the three major categories of XSS attacks, the others being

CVE-2022-1558 : Multiple Stored Cross-Site Scripting vulnerabilities in WordPress curtain plugin 1.0.2

CVE-2022-1558 : Multiple Stored Cross-Site Scripting vulnerabilities in WordPress curtain plugin 1.0.2

Description Several Cross-Site Scripting vulnerabilities in the Curtain WordPress plugin. Due to these Cross-Site Scripting vulnerabilities, an attacker would be

CVE-2022-AVAST2 : Self-Defense Bypass via Repairing Function

CVE-2022-AVAST2 : Self-Defense Bypass via Repairing Function

Description It was noted that there is security checking to prevent some of the Avast processes from loading of undesired/unsigned