Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2019-15005

UNKNOWN
Published 2019-11-08T03:55:12.611106Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2019-15005. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Atlassian

Bitbucket Server

Affected Versions:

unspecified
Atlassian

Jira Server

Affected Versions:

unspecified
Atlassian

Confluence Server

Affected Versions:

unspecified
Atlassian

Crowd

Affected Versions:

unspecified
Atlassian

Fisheye

Affected Versions:

unspecified
Atlassian

Crucible

Affected Versions:

unspecified
Atlassian

Bamboo

Affected Versions:

unspecified

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-3xw8-mq4w-hh6g

Advisory Details

The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2.

CVSS Scoring

CVSS Score

5.0

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2019-15005
WEB https://herolab.usd.de/security-advisories/usd-2019-0016
WEB https://jira.atlassian.com/browse/BAM-20647

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: May 24, 2022

References

https://jira.atlassian.com/browse/BAM-20647
https://herolab.usd.de/security-advisories/usd-2019-0016/
Published: 2019-11-08T03:55:12.611106Z
Last Modified: 2024-09-16T20:31:42.718Z
Copied to clipboard!