Atlassian Jira Service Desk: CVE-2019-14994 vulnerability in Atlassian Products
Published on September 19, 2019

The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability.

NVD


Products Associated with CVE-2019-14994

stack.watch emails you whenever new vulnerabilities are published in Atlassian Jira Service Desk or Atlassian Jira.

Affected Versions

Atlassian Jira Service Desk Server:

Atlassian Jira Service Desk Data Center:

Exploit Probability

EPSS: 1.68%

Percentile: 81.92%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.