CNVD-2019-40790

Vulnerability from cnvd - Published: 2019-11-15
Title
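Unspecified vulnerability in the Customer Context Filter of Atlassian Jira Service Desk Server and Atlassian Jira Service Desk Data Center
Description
Atlassian Jira Service Desk Server and Atlassian Jira Service Desk Data Center are both products of Atlassian, an Australian company. Atlassian Jira Service Desk Server is the server edition of an IT service desk and request tracking system, used mainly to receive, track and manage requests from a team's customers. Atlassian Jira Service Desk Data Center is the data center edition of Atlassian Jira Service Desk. The Customer Context Filter is one of its context filters. A security vulnerability exists in the Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center. A remote attacker can exploit this vulnerability to view arbitrary issues in Service Desk projects.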
Severity
Patch Name
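Patch for the unspecified vulnerability in the Customer Context Filter of Atlassian Jira Service Desk Server and Atlassian Jira Service Desk Data Center
Patch Description
Atlassian Jira Service Desk Server and Atlassian Jira Service Desk Data Center are both products of Atlassian, an Australian company. Atlassian Jira Service Desk Server is the server edition of an IT service desk and request tracking system, used mainly to receive, track and manage requests from a team's customers. Atlassian Jira Service Desk Data Center is the data center edition of Atlassian Jira Service Desk. The Customer Context Filter is one of its context filters. A security vulnerability exists in the Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center. A remote attacker can exploit this vulnerability to view arbitrary issues in Service Desk projects. The vendor has published a security advisory and related patch information that fix this vulnerability.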
Formal description

The vendor has released an upgrade patch that fixes the vulnerability. Patch link: https://jira.atlassian.com/browse/JSDSERVER-6590

Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-15003
Impacted products
Name
['Atlassian Jira Service Desk <3.9.17M', 'Atlassian Jira Service Desk <=3.10.0 (fixed in version 3.16.10)', 'Atlassian Jira Service Desk <=4.0.03.10.0 (fixed in version 4.2.6)', 'Atlassian Jira Service Desk <=4.3.03.10.0 (fixed in version 4.3.5)', 'Atlassian Jira Service Desk <=4.4.03.10.0 (fixed in version 4.4.3)', 'Atlassian Jira Service Desk <=4.5.03.10.0 (fixed in version 4.5.1)']

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-15003"
    }
  },
  "description": "Atlassian Jira Service Desk Server\u548cAtlassian Jira Service Desk Data Center\u90fd\u662f\u6fb3\u5927\u5229\u4e9aAtlassian\uff08Atlassian\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Atlassian Jira Service Desk Server\u662f\u4e00\u5957IT\u670d\u52a1\u53f0\u4e0e\u8bf7\u6c42\u8ddf\u8e2a\u7cfb\u7edf\u7684\u670d\u52a1\u5668\u7248\u3002\u8be5\u7cfb\u7edf\u4e3b\u8981\u7528\u4e8e\u63a5\u6536\u3001\u8ddf\u8e2a\u548c\u7ba1\u7406\u56e2\u961f\u5ba2\u6237\u7684\u8bf7\u6c42\u3002Atlassian Jira Service Desk Data Center\u662fAtlassian Jira Service Desk\u7684\u6570\u636e\u4e2d\u5fc3\u7248\u672c\u3002Customer Context Filter\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u4e0a\u4e0b\u6587\u8fc7\u6ee4\u5668\u3002\n\nAtlassian Jira Service Desk Server\u548cJira Service Desk Data Center\u4e2d\u7684Customer Context Filter\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u67e5\u770bService Desk\u9879\u76ee\u4e2d\u7684\u4efb\u610f\u95ee\u9898\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://jira.atlassian.com/browse/JSDSERVER-6590",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-40790",
  "openTime": "2019-11-15",
  "patchDescription": "Atlassian Jira Service Desk Server\u548cAtlassian Jira Service Desk Data Center\u90fd\u662f\u6fb3\u5927\u5229\u4e9aAtlassian\uff08Atlassian\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Atlassian Jira Service Desk Server\u662f\u4e00\u5957IT\u670d\u52a1\u53f0\u4e0e\u8bf7\u6c42\u8ddf\u8e2a\u7cfb\u7edf\u7684\u670d\u52a1\u5668\u7248\u3002\u8be5\u7cfb\u7edf\u4e3b\u8981\u7528\u4e8e\u63a5\u6536\u3001\u8ddf\u8e2a\u548c\u7ba1\u7406\u56e2\u961f\u5ba2\u6237\u7684\u8bf7\u6c42\u3002Atlassian Jira Service Desk Data Center\u662fAtlassian Jira Service Desk\u7684\u6570\u636e\u4e2d\u5fc3\u7248\u672c\u3002Customer Context Filter\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u4e0a\u4e0b\u6587\u8fc7\u6ee4\u5668\u3002\r\n\r\nAtlassian Jira Service Desk Server\u548cJira Service Desk Data Center\u4e2d\u7684Customer Context Filter\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u67e5\u770bService Desk\u9879\u76ee\u4e2d\u7684\u4efb\u610f\u95ee\u9898\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Atlassian Jira Service Desk Server\u548cAtlassian Jira Service Desk Data Center Customer Context Filter\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Atlassian Jira Service Desk \u003c3.9.17M",
      "Atlassian Jira Service Desk \u003c=3.10.0\uff083.16.10\u7248\u672c\u5df2\u4fee\u590d\uff09",
      "Atlassian Jira Service Desk \u003c=4.0.03.10.0\uff084.2.6\u7248\u672c\u5df2\u4fee\u590d\uff09",
      "Atlassian Jira Service Desk \u003c=4.3.03.10.0\uff084.3.5\u7248\u672c\u5df2\u4fee\u590d\uff09",
      "Atlassian Jira Service Desk \u003c=4.4.03.10.0\uff084.4.3\u7248\u672c\u5df2\u4fee\u590d\uff09",
      "Atlassian Jira Service Desk \u003c=4.5.03.10.0\uff084.5.1\u7248\u672c\u5df2\u4fee\u590d\uff09"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-15003",
  "serverity": "\u4e2d",
  "submitTime": "2019-11-11",
  "title": "Atlassian Jira Service Desk Server\u548cAtlassian Jira Service Desk Data Center Customer Context Filter\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

