admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CVE-2019-14994 CVE-2019-15000 CVE-2019-15001

Browse Source
This commit is contained in:
David Black 2019-09-19 09:29:57 +10:00
parent 3eac0bdc70
commit 58ef92e3d9
3 changed files with 476 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

146
2019/14xxx/CVE-2019-14994.json Normal file
View File

@ -0,0 +1,146 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-09-18T00:00:00",
"ID": "CVE-2019-14994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira Service Desk Server",
"version": {
"version_data": [
{
"version_value": "3.9.16",
"version_affected": "<"
},
{
"version_value": "3.10.0",
"version_affected": ">="
},
{
"version_value": "3.16.8",
"version_affected": "<"
},
{
"version_value": "4.0.0",
"version_affected": ">="
},
{
"version_value": "4.1.3",
"version_affected": "<"
},
{
"version_value": "4.2.0",
"version_affected": ">="
},
{
"version_value": "4.2.5",
"version_affected": "<"
},
{
"version_value": "4.3.0",
"version_affected": ">="
},
{
"version_value": "4.3.4",
"version_affected": "<"
},
{
"version_value": "4.4.0",
"version_affected": "="
}
]
}
},
{
"product_name": "Jira Service Desk Data Center",
"version": {
"version_data": [
{
"version_value": "3.9.16",
"version_affected": "<"
},
{
"version_value": "3.10.0",
"version_affected": ">="
},
{
"version_value": "3.16.8",
"version_affected": "<"
},
{
"version_value": "4.0.0",
"version_affected": ">="
},
{
"version_value": "4.1.3",
"version_affected": "<"
},
{
"version_value": "4.2.0",
"version_affected": ">="
},
{
"version_value": "4.2.5",
"version_affected": "<"
},
{
"version_value": "4.3.0",
"version_affected": ">="
},
{
"version_value": "4.3.4",
"version_affected": "<"
},
{
"version_value": "4.4.0",
"version_affected": "="
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version 4.4.0 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://confluence.atlassian.com/jira/jira-service-desk-security-advisory-2019-09-11-976171274.html",
"url": "https://jira.atlassian.com/browse/JSDSERVER-6517"
}
]
}
}

169
2019/15xxx/CVE-2019-15000.json Normal file
View File

@ -0,0 +1,169 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-09-18T00:00:00",
"ID": "CVE-2019-15000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bitbucket Server",
"version": {
"version_data": [
{
"version_value": "5.16.10",
"version_affected": "<"
},
{
"version_value": "6.0.0",
"version_affected": ">="
},
{
"version_value": "6.0.10",
"version_affected": "<"
},
{
"version_value": "6.1.0",
"version_affected": ">="
},
{
"version_value": "6.1.8",
"version_affected": "<"
},
{
"version_value": "6.2.0",
"version_affected": ">="
},
{
"version_value": "6.2.6",
"version_affected": "<"
},
{
"version_value": "6.3.0",
"version_affected": ">="
},
{
"version_value": "6.3.5",
"version_affected": "<"
},
{
"version_value": "6.4.0",
"version_affected": ">="
},
{
"version_value": "6.4.3",
"version_affected": "<"
},
{
"version_value": "6.5.0",
"version_affected": ">="
},
{
"version_value": "6.5.2",
"version_affected": "<"
}
]
}
},
{
"product_name": "Bitbucket Data Center",
"version": {
"version_data": [
{
"version_value": "5.16.10",
"version_affected": "<"
},
{
"version_value": "6.0.0",
"version_affected": ">="
},
{
"version_value": "6.0.10",
"version_affected": "<"
},
{
"version_value": "6.1.0",
"version_affected": ">="
},
{
"version_value": "6.1.8",
"version_affected": "<"
},
{
"version_value": "6.2.0",
"version_affected": ">="
},
{
"version_value": "6.2.6",
"version_affected": "<"
},
{
"version_value": "6.3.0",
"version_affected": ">="
},
{
"version_value": "6.3.5",
"version_affected": "<"
},
{
"version_value": "6.4.0",
"version_affected": ">="
},
{
"version_value": "6.4.3",
"version_affected": "<"
},
{
"version_value": "6.5.0",
"version_affected": ">="
},
{
"version_value": "6.5.2",
"version_affected": "<"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a repository, if public access is enabled for a project or repository then attackers are able to exploit this issue anonymously, to read the contents of arbitrary files on the system and execute commands via injecting additional arguments into git commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Argument Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/BSERV-11947"
}
]
}
}

161
2019/15xxx/CVE-2019-15001.json Normal file
View File

@ -0,0 +1,161 @@
{
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-09-18T00:00:00",
"ID": "CVE-2019-15001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira Server",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "7.0.10"
},
{
"version_affected": "<",
"version_value": "7.6.16"
},
{
"version_affected": ">=",
"version_value": "7.7.0"
},
{
"version_affected": "<",
"version_value": "7.13.8"
},
{
"version_affected": ">=",
"version_value": "8.1.0"
},
{
"version_affected": "<",
"version_value": "8.1.3"
},
{
"version_affected": ">=",
"version_value": "8.2.0"
},
{
"version_affected": "<",
"version_value": "8.2.5"
},
{
"version_affected": ">=",
"version_value": "8.3.0"
},
{
"version_affected": "<",
"version_value": "8.3.4"
},
{
"version_affected": ">=",
"version_value": "8.4.0"
},
{
"version_affected": "<",
"version_value": "8.4.1"
}
]
}
},
{
"product_name": "Jira Data Center",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "7.0.10"
},
{
"version_affected": "<",
"version_value": "7.6.16"
},
{
"version_affected": ">=",
"version_value": "7.7.0"
},
{
"version_affected": "<",
"version_value": "7.13.8"
},
{
"version_affected": ">=",
"version_value": "8.1.0"
},
{
"version_affected": "<",
"version_value": "8.1.3"
},
{
"version_affected": ">=",
"version_value": "8.2.0"
},
{
"version_affected": "<",
"version_value": "8.2.5"
},
{
"version_affected": ">=",
"version_value": "8.3.0"
},
{
"version_affected": "<",
"version_value": "8.3.4"
},
{
"version_affected": ">=",
"version_value": "8.4.0"
},
{
"version_affected": "<",
"version_value": "8.4.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.1.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Template injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jira.atlassian.com/browse/JRASERVER-69933"
}
]
}
}