Security Advisory: Multiple Vulnerabilities in Jira Server and Service Desk

Published: 2019-09-23

● Vulnerability IDs and severity levels


CVE ID: CVE-2019-14994, severity: High, CVSS score: 7.5

CVE ID: CVE-2019-15001, severity: Critical, CVSS score: 7.2


● Affected versions


CVE-2019-14994

Affected Jira Service Desk Server and Jira Service Desk Data Center Versions

version < 3.9.16

3.10.0 <= version < 3.16.8

4.0.0 <= version < 4.1.3

4.2.0 <= version < 4.2.5

4.3.0 <= version < 4.3.4

4.4.0 <= version < 4.4.1


CVE-2019-15001

Affected Jira Server & Jira Data Center Versions

starting with 7.0.10

7.1.x

7.2.x

7.3.x

7.4.x

7.5.x

7.6.x before 7.6.16 (the fixed version for 7.6.x)

7.7.x

7.8.x

7.9.x

7.10.x

7.11.x

7.12.x

7.13.x before 7.13.8 (the fixed version for 7.13.x)

8.0.x  

8.1.x before 8.1.3 (the fixed version for 8.1.x)

8.2.x before 8.2.5 (the fixed version for 8.2.x)

8.3.x before 8.3.4 (the fixed version for 8.3.x)

8.4.0
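
To triage an inventory against the two affected-version lists above, the following added example (not code from Atlassian or from the original advisory) encodes those ranges and compares versions numerically, since a plain string comparison would sort 7.13.5 before 7.6.16. The host names are constructed placeholders, and any version not listed on this page is reported as not affected.

```python
import re

# Ranges transcribed from the affected-version lists above:
# (inclusive lower bound or None, exclusive upper bound).
AFFECTED = {
    "CVE-2019-14994": [  # Jira Service Desk Server / Data Center
        (None, "3.9.16"), ("3.10.0", "3.16.8"), ("4.0.0", "4.1.3"),
        ("4.2.0", "4.2.5"), ("4.3.0", "4.3.4"), ("4.4.0", "4.4.1"),
    ],
    "CVE-2019-15001": [  # Jira Server / Data Center
        ("7.0.10", "7.6.16"),  # 7.0.10 through 7.6.x before 7.6.16
        ("7.7.0", "7.13.8"),   # 7.7.x through 7.13.x before 7.13.8
        ("8.0.0", "8.1.3"),    # 8.0.x and 8.1.x before 8.1.3
        ("8.2.0", "8.2.5"), ("8.3.0", "8.3.4"),
        ("8.4.0", "8.4.1"),    # only 8.4.0 is listed; bound means "exactly 8.4.0"
    ],
}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")

def parse_version(text):
    """Return (major, minor, patch); a missing patch counts as 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def is_affected(cve, version):
    """True if `version` falls inside a range listed above for `cve`."""
    v = parse_version(version)
    for low, high in AFFECTED[cve]:
        if (low is None or parse_version(low) <= v) and v < parse_version(high):
            return True
    return False

def triage(inventory):
    """Map each host in (host, cve, version) entries to True if affected."""
    return {host: is_affected(cve, ver) for host, cve, ver in inventory}

if __name__ == "__main__":
    # Constructed sample inventory; host names are placeholders.
    sample = [
        ("servicedesk-a.example", "CVE-2019-14994", "3.16.7"),
        ("servicedesk-b.example", "CVE-2019-14994", "4.4.1"),
        ("jira-a.example", "CVE-2019-15001", "7.13.5"),
        ("jira-b.example", "CVE-2019-15001", "7.6.16"),
    ]
    for host, hit in triage(sample).items():
        print(f"{host}: {'AFFECTED, upgrade' if hit else 'not in listed ranges'}")
```
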


● Vulnerability overview


Atlassian has released security updates for Jira Server and Service Desk that fix two security vulnerabilities.


CVE-2019-14994


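Atlassian Jira Service Desk Server and Atlassian Jira Service Desk Data Center are both products of the Australian company Atlassian. Atlassian Jira Service Desk Server is the server edition of an IT service desk and request tracking system. The system is mainly used to receive, track and manage requests from a team's customers. Atlassian Jira Service Desk Data Center is the data center edition of Atlassian Jira Service Desk.


Customer Context Filter is one of its context filters. The Customer Context Filter in Atlassian Jira Service Desk Server and Atlassian Jira Service Desk Data Center has a path traversal vulnerability. The vulnerability stems from the network system or product failing to correctly filter special elements in a resource or file path. An attacker can exploit this vulnerability to view all Jira projects in the target instance, including Service Desk projects, Jira Core projects and Jira Software projects.


Researchers report that more than 25,000 vulnerable instances are exposed on the internet, belonging to the healthcare, government, education and manufacturing sectors, among others.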


CVE-2019-15001


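Atlassian JIRA Server and Atlassian JIRA Data Center are both products of the Australian company Atlassian. Atlassian JIRA Server is the server edition of a defect tracking and management system. The system is mainly used to track and manage the various issues and defects that arise in work. Atlassian JIRA Data Center is the data center edition of Atlassian JIRA.


Jira Importers Plugin (JIM) is one of its file/data import plugins. The Jira Importers Plugin in Atlassian JIRA Server and Atlassian JIRA Data Center has an injection vulnerability. The vulnerability arises because, when user input is used to construct commands, data structures or records, the network system or product lacks correct validation of the user-supplied data and does not filter, or does not correctly filter, the special elements in it, causing the system or product to parse or interpret the input incorrectly.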


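● Vulnerability verification


No PoC/exploit is available at this time.


● Remediation advice


The vendor has released upgrade patches that fix the vulnerabilities. Download links: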

https://confluence.atlassian.com/jira/jira-service-desk-security-advisory-2019-09-18-976171274.html

https://confluence.atlassian.com/jira/jira-security-advisory-2019-09-18-976766250.html


● Reference links


https://www.bleepingcomputer.com/news/security/jira-server-and-service-desk-fix-critical-security-bugs/