CVE of Confluence/Jira/Bitbucket

CVE-2019-15005

The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2.

CVSS: 4.3

参考：
https://jira.atlassian.com/browse/BSERV-11960
https://jira.atlassian.com/browse/BAM-20647

PoC:
https://herolab.usd.de/security-advisories/usd-2019-0016/

CVE-2018-20237

Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.

参考：
https://jira.atlassian.com/browse/CONFSERVER-57814

CVE-2018-18289

The MESILAT Zabbix plugin before 1.1.15 for Atlassian Confluence allows attackers to read arbitrary files.

CVE-2018-5225

In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.

在这里插入图片描述
参考：
https://jira.atlassian.com/browse/BSERV-10684
https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2018-03-21-946627549.html

CVE-2017-18087

The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter.

参考：
https://jira.atlassian.com/browse/BSERV-10593
https://github.com/greymd/CVE-2017-1000117
http://blog.nsfocus.net/git-ssh-cve-2017-1000117/

caiqiiqi

发布了601 篇原创文章 · 获赞 101 · 访问量 100万+

他的留言板关注