Vulnerabilities > CVE-2019-14995 - Missing Authorization vulnerability in Atlassian Jira Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
The /rest/api/1.0/render resource in Jira before version 8.4.0 allows remote anonymous attackers to determine if an attachment with a specific name exists and if an issue key is valid via a missing permissions check.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | CGI abuses |
NASL id | JIRA_8_4_0.NASL |
description | According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is prior to prior to 8.4.0. It is, therefore, affected by multiple vulnerabilities: - An authorization bypass vulnerability exists in the /rest/issueNav/1/issueTable resource as well as the /rest/api/latest/groupuserpicker resource. An unauthenticated, remote attacker can exploit this, to enumerate usernames due to an incorrect authorization check. (CVE-2019-8449) - A server-side request forgery (SSRF) vulnerability exists in the /plugins/servlet/gadgets/makeRequest resource due to a logic bug in the JiraWhitelist class. A remote attacker can exploit this to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability. (CVE-2019-8451) - An authentication bypass vulnerability exists in the /rest/api/1.0/render rest resource. An unauthenticated, remote attacker can exploit this, to determine if an attachment with a specific name exists and if an issue key is valid due to a missing permissions check. (CVE-2019-14995) - An information disclosure vulnerability exists in the AccessLogFilter class due to a caching vulnerability. A remote anonymous attackers can exploit this to access details about other users, including their username, when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN. (CVE-2019-14997) - A cross-site request forgery (XSRF) vulnerability exists in Webwork action Cross-Site Request Forgery (CSRF) protection. A remote attacker can exploit this by bypassing its protection by |
last seen | 2020-04-10 |
modified | 2019-09-20 |
plugin id | 129099 |
published | 2019-09-20 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/129099 |
title | Atlassian JIRA < 8.4.0 Multiple Vulnerabilities |
code |
|
Talos
id TALOS-2019-0836 last seen 2019-09-17 published 2019-09-16 reporter Talos Intelligence source http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0836 title Atlassian Jira Issue Key Information Disclosure Vulnerability id TALOS-2019-0837 last seen 2019-09-17 published 2019-09-16 reporter Talos Intelligence source http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0837 title Atlassian Jira issue attachment name information disclosure vulnerability
References
- https://jira.atlassian.com/browse/JRASERVER-69792
- https://jira.atlassian.com/browse/JRASERVER-69792
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0836
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0836
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0837
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0837