CVE-2019-15005 — MEDIUM (4.3)

Q: How severe is CVE-2019-15005?

CVE-2019-15005 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-15005?

Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Troubleshooting And Support, Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence, Atlassian Crowd.

Vulnerability Description

The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Atlassian	Troubleshooting And Support	< 1.17.2
Atlassian	Bamboo	< 6.10.2
Atlassian	Bitbucket	< 6.6.0
Atlassian	Confluence	< 7.0.1
Atlassian	Crowd	< 3.6.0
Atlassian	Crucible	< 4.7.2
Atlassian	Fisheye	< 4.7.2
Atlassian	Jira	< 8.3.2

Related Weaknesses (CWE)

CWE-862

References

https://herolab.usd.de/security-advisories/usd-2019-0016/
https://jira.atlassian.com/browse/BAM-20647Issue TrackingVendor Advisory
https://herolab.usd.de/security-advisories/usd-2019-0016/
https://jira.atlassian.com/browse/BAM-20647Issue TrackingVendor Advisory

FAQ

What is CVE-2019-15005?

CVE-2019-15005 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to ...

How severe is CVE-2019-15005?

CVE-2019-15005 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-15005?

Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Troubleshooting And Support, Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence, Atlassian Crowd.