Vulnerabilities > CVE-2019-11583 - Unspecified vulnerability in Atlassian Jira

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

atlassian

nessus

NVD

Published: 2019-06-26

Updated: 2020-08-24

Summary

The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name".

Vulnerable Configurations

Part	Description	Count
Application	Atlassian Atlassian Jira - Atlassian Jira 2.1 Atlassian Jira 2.2 Atlassian Jira 2.2.1 Atlassian Jira 2.3 Atlassian Jira 2.4.1 Atlassian Jira 2.5.1 Atlassian Jira 2.5.2 Atlassian Jira 2.5.3 Atlassian Jira 2.6 Atlassian Jira 2.6.1 Atlassian Jira 3.0 Atlassian Jira 3.0.1 Atlassian Jira 3.0.2 Atlassian Jira 3.0.3 Atlassian Jira 3.1 Atlassian Jira 3.1.1 Atlassian Jira 3.2 Atlassian Jira 3.2.1 Atlassian Jira 3.2.2 Atlassian Jira 3.2.3 Atlassian Jira 3.3 Atlassian Jira 3.3.1 Atlassian Jira 3.3.2 Atlassian Jira 3.3.3 Atlassian Jira 3.4 Atlassian Jira 3.4.1 Atlassian Jira 3.4.2 Atlassian Jira 3.4.3 Atlassian Jira 3.5 Atlassian Jira 3.5.1 Atlassian Jira 3.5.2 Atlassian Jira 3.5.3 Atlassian Jira 3.6 Atlassian Jira 3.6.1 Atlassian Jira 3.6.2 Atlassian Jira 3.6.2_156 Atlassian Jira 3.6.3 Atlassian Jira 3.6.4 Atlassian Jira 3.6.5 Atlassian Jira 3.7 Atlassian Jira 3.7.1 Atlassian Jira 3.7.2 Atlassian Jira 3.7.3 Atlassian Jira 3.7.4 Atlassian Jira 3.8 Atlassian Jira 3.8.1 Atlassian Jira 3.9 Atlassian Jira 3.9.1 Atlassian Jira 3.9.2 Atlassian Jira 3.9.3 Atlassian Jira 3.10 Atlassian Jira 3.10.1 Atlassian Jira 3.10.2 Atlassian Jira 3.11 Atlassian Jira 3.12 Atlassian Jira 3.12.1 Atlassian Jira 3.12.2 Atlassian Jira 3.12.3 Atlassian Jira 3.13 Atlassian Jira 3.13.1 Atlassian Jira 3.13.2 Atlassian Jira 3.13.3 Atlassian Jira 3.13.4 Atlassian Jira 3.13.5 Atlassian Jira 4.0 Atlassian Jira 4.0.1 Atlassian Jira 4.0.2 Atlassian Jira 4.1 Atlassian Jira 4.1.1 Atlassian Jira 4.1.2 Atlassian Jira 4.2 Atlassian Jira 4.2.1 Atlassian Jira 4.2.2 Atlassian Jira 4.2.3 Atlassian Jira 4.2.4 Atlassian Jira 4.3 Atlassian Jira 4.3.1 Atlassian Jira 4.3.2 Atlassian Jira 4.3.3 Atlassian Jira 4.3.4 Atlassian Jira 4.4 Atlassian Jira 4.4.1 Atlassian Jira 4.4.2 Atlassian Jira 4.4.3 Atlassian Jira 4.4.4 Atlassian Jira 4.4.5 Atlassian Jira 4.5.0 Atlassian Jira 4.5.1 Atlassian Jira 4.5.2 Atlassian Jira 4.5.3 Atlassian Jira 4.5.4 Atlassian Jira 4.5.5 Atlassian Jira 4.5.6 Atlassian Jira 4.6.0 Atlassian Jira 4.6.1 Atlassian Jira 4.7.0 Atlassian Jira 4.7.1 Atlassian Jira 4.8.0 Atlassian Jira 4.8.1 Atlassian Jira 4.9.0 Atlassian Jira 4.9.1 Atlassian Jira 4.10.0 Atlassian Jira 4.11.0 Atlassian Jira 4.21.0 Atlassian Jira 5.0 Atlassian Jira 5.0.1 Atlassian Jira 5.0.2 Atlassian Jira 5.0.3 Atlassian Jira 5.0.4 Atlassian Jira 5.0.5 Atlassian Jira 5.0.6 Atlassian Jira 5.0.7 Atlassian Jira 5.1 Atlassian Jira 5.1.1 Atlassian Jira 5.1.2 Atlassian Jira 5.1.3 Atlassian Jira 5.1.4 Atlassian Jira 5.1.5 Atlassian Jira 5.1.6 Atlassian Jira 5.1.7 Atlassian Jira 5.1.8 Atlassian Jira 5.2 Atlassian Jira 5.2.1 Atlassian Jira 5.2.2 Atlassian Jira 5.2.3 Atlassian Jira 5.2.4 Atlassian Jira 5.2.4.1 Atlassian Jira 5.2.5 Atlassian Jira 5.2.6 Atlassian Jira 5.2.7 Atlassian Jira 5.2.8 Atlassian Jira 5.2.9 Atlassian Jira 5.2.10 Atlassian Jira 5.2.11 Atlassian Jira 6.0 Atlassian Jira 6.0.1 Atlassian Jira 6.0.2 Atlassian Jira 6.0.3 Atlassian Jira 6.0.4 Atlassian Jira 6.0.5 Atlassian Jira 6.0.6 Atlassian Jira 6.0.7 Atlassian Jira 6.0.8 Atlassian Jira 6.1 Atlassian Jira 6.1.1 Atlassian Jira 6.1.2 Atlassian Jira 6.1.3 Atlassian Jira 6.1.4 Atlassian Jira 6.1.5 Atlassian Jira 6.1.6 Atlassian Jira 6.1.7 Atlassian Jira 6.1.8 Atlassian Jira 6.1.9 Atlassian Jira 6.2 Atlassian Jira 6.2.1 Atlassian Jira 6.2.2 Atlassian Jira 6.2.3 Atlassian Jira 6.2.4 Atlassian Jira 6.2.5 Atlassian Jira 6.2.6 Atlassian Jira 6.2.7 Atlassian Jira 6.3 Atlassian Jira 6.3.1 Atlassian Jira 6.3.3 Atlassian Jira 6.3.4 Atlassian Jira 6.3.5 Atlassian Jira 6.3.6 Atlassian Jira 6.3.7 Atlassian Jira 6.3.8 Atlassian Jira 6.3.9 Atlassian Jira 6.3.10 Atlassian Jira 6.3.11 Atlassian Jira 6.3.12 Atlassian Jira 6.3.13 Atlassian Jira 6.3.14 Atlassian Jira 6.3.15 Atlassian Jira 6.4 Atlassian Jira 6.4.1 Atlassian Jira 6.4.2 Atlassian Jira 6.4.3 Atlassian Jira 6.4.4 Atlassian Jira 6.4.5 Atlassian Jira 6.4.6 Atlassian Jira 6.4.7 Atlassian Jira 6.4.8 Atlassian Jira 6.4.9 Atlassian Jira 6.4.10 Atlassian Jira 6.4.11 Atlassian Jira 6.4.12 Atlassian Jira 6.4.13 Atlassian Jira 6.4.14 Atlassian Jira 7.0.0 Atlassian Jira 7.0.2 Atlassian Jira 7.0.3 Atlassian Jira 7.0.4 Atlassian Jira 7.0.5 Atlassian Jira 7.0.9 Atlassian Jira 7.0.10 Atlassian Jira 7.0.10_ Atlassian Jira 7.0.11 Atlassian Jira 7.1.0 Atlassian Jira 7.1.1 Atlassian Jira 7.1.2 Atlassian Jira 7.1.4 Atlassian Jira 7.1.6 Atlassian Jira 7.1.7 Atlassian Jira 7.1.8 Atlassian Jira 7.1.9 Atlassian Jira 7.1.10 Atlassian Jira 7.1.12 Atlassian Jira 7.1.13 Atlassian Jira 7.1.14 Atlassian Jira 7.1.15 Atlassian Jira 7.1.16 Atlassian Jira 7.1.17 Atlassian Jira 7.2.0 Atlassian Jira 7.2.1 Atlassian Jira 7.2.2 Atlassian Jira 7.2.3 Atlassian Jira 7.2.4 Atlassian Jira 7.2.5 Atlassian Jira 7.2.6 Atlassian Jira 7.2.7 Atlassian Jira 7.2.8 Atlassian Jira 7.2.9 Atlassian Jira 7.2.10 Atlassian Jira 7.2.11 Atlassian Jira 7.2.12 Atlassian Jira 7.2.13 Atlassian Jira 7.2.14 Atlassian Jira 7.2.15 Atlassian Jira 7.3.0 Atlassian Jira 7.3.1 Atlassian Jira 7.3.2 Atlassian Jira 7.3.3 Atlassian Jira 7.3.4 Atlassian Jira 7.3.5 Atlassian Jira 7.3.6 Atlassian Jira 7.3.7 Atlassian Jira 7.3.8 Atlassian Jira 7.3.9 Atlassian Jira 7.4.0 Atlassian Jira 7.4.1 Atlassian Jira 7.4.2 Atlassian Jira 7.4.3 Atlassian Jira 7.4.4 Atlassian Jira 7.4.5 Atlassian Jira 7.4.6 Atlassian Jira 7.5.0 Atlassian Jira 7.5.1 Atlassian Jira 7.5.2 Atlassian Jira 7.5.3 Atlassian Jira 7.5.4 Atlassian Jira 7.6 Atlassian Jira 7.6.0 Atlassian Jira 7.6.1 Atlassian Jira 7.6.2 Atlassian Jira 7.6.3 Atlassian Jira 7.6.4 Atlassian Jira 7.6.5 Atlassian Jira 7.6.6 Atlassian Jira 7.6.7 Atlassian Jira 7.6.8 Atlassian Jira 7.6.9 Atlassian Jira 7.6.10 Atlassian Jira 7.6.11 Atlassian Jira 7.6.12 Atlassian Jira 7.6.13 Atlassian Jira 7.6.14 Atlassian Jira 7.6.15 Atlassian Jira 7.6.16 Atlassian Jira 7.6.17 Atlassian Jira 7.7 Atlassian Jira 7.7.0 Atlassian Jira 7.7.1 Atlassian Jira 7.7.2 Atlassian Jira 7.7.3 Atlassian Jira 7.7.4 Atlassian Jira 7.7.5 Atlassian Jira 7.8.0 Atlassian Jira 7.8.1 Atlassian Jira 7.8.2 Atlassian Jira 7.8.3 Atlassian Jira 7.8.4 Atlassian Jira 7.8.5 Atlassian Jira 7.9.0 Atlassian Jira 7.9.1 Atlassian Jira 7.9.2 Atlassian Jira 7.9.3 Atlassian Jira 7.10.0 Atlassian Jira 7.10.1 Atlassian Jira 7.10.2 Atlassian Jira 7.10.3 Atlassian Jira 7.11.0 Atlassian Jira 7.11.1 Atlassian Jira 7.11.2 Atlassian Jira 7.11.3 Atlassian Jira 7.12.0 Atlassian Jira 7.12.1 Atlassian Jira 7.12.2 Atlassian Jira 7.12.3 Atlassian Jira 7.12.4 Atlassian Jira 7.13.0 Atlassian Jira 7.13.1 Atlassian Jira 7.13.2 Atlassian Jira 7.13.3 Atlassian Jira 7.13.4 Atlassian Jira 7.13.5 Atlassian Jira 7.13.6 Atlassian Jira 7.13.7 Atlassian Jira 7.13.8 Atlassian Jira 7.13.9 Atlassian Jira 7.13.10 Atlassian Jira 7.13.11 Atlassian Jira 7.13.12 Atlassian Jira 7.13.13 Atlassian Jira 7.13.14 Atlassian Jira 7.13.15 Atlassian Jira 7.13.16 Atlassian Jira 7.13.17 Atlassian Jira 7.13.18 Atlassian Jira 8.0.0 Atlassian Jira 8.0.1 Atlassian Jira 8.0.2 Atlassian Jira 8.0.3 Atlassian Jira 8.0.4 Atlassian Jira 8.0.22	503

Nessus

NASL family	CGI abuses
NASL id	JIRA_CVE-2019_11583.NASL
description	According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is potentially affected by a unspecified flaw in
last seen	2020-06-01
modified	2020-06-02
plugin id	128326
published	2019-08-29
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/128326
title	Atlassian JIRA < 7.13.4 / 8.0.x < 8.1.0 Epic Name DoS (SB19-182)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(128326); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/28"); script_cve_id("CVE-2019-11583"); script_bugtraq_id(108901); script_name(english:"Atlassian JIRA < 7.13.4 / 8.0.x < 8.1.0 Epic Name DoS (SB19-182)"); script_set_attribute(attribute:"synopsis", value: "The remote web server hosts a web application that is potentially affected by denial of service vulnerability."); script_set_attribute(attribute:"description", value: "According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is potentially affected by a unspecified flaw in 'Epic Name' ordering operations. A remote, authenticated attacker could cause a denial of service."); script_set_attribute(attribute:"see_also", value:"https://jira.atlassian.com/browse/JSWSERVER-20111"); script_set_attribute(attribute:"see_also", value:"https://www.us-cert.gov/ncas/bulletins/SB19-182"); script_set_attribute(attribute:"solution", value: "Upgrade to Atlassian JIRA version 7.13.4 / 8.1.0 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11583"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/23"); script_set_attribute(attribute:"patch_publication_date", value:"2019/06/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/29"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/a:atlassian:jira"); script_set_attribute(attribute:"agent", value:"all"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("jira_detect.nasl", "atlassian_jira_win_installed.nbin", "atlassian_jira_nix_installed.nbin"); script_require_keys("installed_sw/Atlassian JIRA"); exit(0); } include('vcf.inc'); app_info = vcf::combined_get_app_info(app:'Atlassian JIRA'); constraints = [ { 'fixed_version' : '7.13.4' }, { 'min_version' : '8.0.0', 'fixed_version' : '8.1.0' } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

Summary

Vulnerable Configurations

Nessus

References