mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
135 lines
5.6 KiB
JSON
135 lines
5.6 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "security@atlassian.com",
|
|
"DATE_PUBLIC": "2019-11-08T00:00:00",
|
|
"ID": "CVE-2019-15005",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Bitbucket Server",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "6.6.0",
|
|
"version_affected": "<"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Jira Server",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "8.3.2",
|
|
"version_affected": "<"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Confluence Server",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "7.0.1",
|
|
"version_affected": "<"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Crowd",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "3.6.0",
|
|
"version_affected": "<"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Fisheye",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "4.7.2",
|
|
"version_affected": "<"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Crucible",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "4.7.2",
|
|
"version_affected": "<"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Bamboo",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "6.10.2",
|
|
"version_affected": "<"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Atlassian"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Improper Authorization"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://jira.atlassian.com/browse/BAM-20647",
|
|
"refsource": "MISC",
|
|
"name": "https://jira.atlassian.com/browse/BAM-20647"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"name": "https://herolab.usd.de/security-advisories/usd-2019-0016/",
|
|
"url": "https://herolab.usd.de/security-advisories/usd-2019-0016/"
|
|
}
|
|
]
|
|
}
|
|
} |