Atlassian JIRA Service Desk Path Traversal Vulnerability (2019-09-18)
Medium Nessus Plugin ID 129405
Synopsis
The remote web server hosts a web application that is potentially affected by a path traversal vulnerability.
Description
According to its self-reported version number, the instance of Atlassian Service Desk hosted on the remote web server is prior to 3.9.16, 3.1x.x prior to 3.16.8, 4.0.x prior to 4.1.3, 4.2.x prior to 4.2.5, 4.3.x prior to 4.3.4, or 4.4.x prior to 4.4.1. It is, therefore, affected by a URL path traversal vulnerability in Jira Service Desk Server and Jira Service Desk Data Center. An authenticated, remote attacker can exploit this to view all issues from all the projects in the affected instance.
Solution
Upgrade to Atlassian JIRA Service Desk Server 3.9.16 / 3.16.8 / 4.1.3 / 4.2.5 / 4.3.4 / 4.4.1 or later.