Vulnerability Description
The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via authorization bypass. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.
CVSS Score
5.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Jira Service Desk Server / Data Center | < 3.9.17 |
| Atlassian | Jira Service Desk Server / Data Center | >= 3.10.0, < 3.16.10 |
| Atlassian | Jira Service Desk Server / Data Center | >= 4.0.0, < 4.2.6 |
| Atlassian | Jira Service Desk Server / Data Center | >= 4.3.0, < 4.3.5 |
| Atlassian | Jira Service Desk Server / Data Center | >= 4.4.0, < 4.4.3 |
| Atlassian | Jira Service Desk Server / Data Center | >= 4.5.0, < 4.5.1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/155214/Jira-Service-Desk-Server-Data-Center (Third Party Advisory)
- https://jira.atlassian.com/browse/JSDSERVER-6590 (Issue Tracking, Vendor Advisory)
- https://seclists.org/bugtraq/2019/Nov/9 (Third Party Advisory)
FAQ
What is CVE-2019-15003?
CVE-2019-15003 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via an authorization bypass. When the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access and so reach the vulnerable filter.
How severe is CVE-2019-15003?
CVE-2019-15003 has been rated MEDIUM with a CVSS base score of 5.3/10. See the CVSS Score section above.
Is there a patch for CVE-2019-15003?
Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Jira Service Desk.