Atlassian developers released security updates for Jira and Jira Service Desk (in versions * Server and * Data Center), eliminating two critical vulnerabilities. Attackers could use them to get sensitive information or remotely execute malicious code on the system.Vulnerability CVE-2019-14994 in Jira Service Desk belongs to the category “directory traversal” (URL Path Traversal) and allows access to the portal to bypass restrictions and view the failure records of all Jira Service Desk, Jira Core and Jira Software projects.
“Jira Service Desk provides customer portal users only with the permissions to raise requests and view issues, so that they would interact with the portal without having direct access to Jira. Due to said path traversal vulnerability, however, an attacker with portal access could bypass the mentioned restrictions”, — point Jira Software developers.
The second bug, CVE-2019-15001, was detected in the Jira Importers (JIM) plugin and affects Jira Server and Jira Data Center products. Using the vulnerability, an attacker with administrator privileges Jira could inject a malicious template on the server side and, thus, remotely execute any code.
The list of vulnerable products Jira Service Desk Server and Jira Service Desk Data Center includes all assemblies of branches 3.9.x – 3.16.x and 4.0.x – 4.4.x. CVE-2019-14994 bug fixed in releases 3.9.16, 3.16.8, 4.1.3, 4.2.5, 4.3.4 and 4.4.1. If administrators cannot quickly install the patch, user can be protected from an attack by restricting access to Jira Software / Core projects and blocking certain requests to Jira – or by redirecting them to a reliable URL.
There is currently no data on the use of new vulnerabilities in cyberattacks.
Vulnerabilities CVE-2019-15001 are affected by the Jira Server / Data Center branches 7.0.x – 7.13.x and 8.0.x – 8.3.x, as well as release 8.4.0. The problem is resolved by the release of updates 7.6.16, 7.13.8, 8.1.3, 8.2.5, 8.3.4 and 8.4.1, which are recommended to be installed immediately. As a temporary protection measure, you can prevent PUT requests from being sent to /rest/jira-importers-plugin/1.0/demo/create.
User Review( votes)