CVE-2019-15005

Published Nov 8, 2019

Last updated 5 years ago

CVSS medium 4.3

Overview

Description: The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2.
Source: security@atlassian.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-862

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:atlassian:troubleshooting_and_support:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "093A33BE-D93B-4CBC-9BF3-B37207CBAD84",
            "versionEndExcluding": "1.17.2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A17D5A1F-2408-4768-9DC3-F850B21B64AD",
            "versionEndExcluding": "6.10.2"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF79AB35-E420-4475-AD28-FC219C636C8B",
            "versionEndExcluding": "6.6.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC203A88-CA6B-4F1A-A68D-9C2CDE8F67FC",
            "versionEndExcluding": "7.0.1"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1361951B-0754-45FF-96E4-8A886C24411B",
            "versionEndExcluding": "3.6.0"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40EB5F54-C9BD-4299-A616-E3A8E20C77FB",
            "versionEndExcluding": "4.7.2"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "452D57FA-0A0B-486F-9D4B-45487B68FFB9",
            "versionEndExcluding": "4.7.2"
          },
          {
            "criteria": "cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76FE371E-3000-464E-ADEE-033BF2989429",
            "versionEndExcluding": "8.3.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References