Vulnerability in Atlassian Bamboo

CVE-2019-15005

The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The emai…

EPSS: 0.002 (44.1th percentile) — read the EPSS interpretation.

Affected products

Atlassian Bamboo — versions unspecified
Atlassian Bitbucket Server — versions unspecified
Atlassian Confluence Server — versions unspecified
Atlassian Crowd — versions unspecified
Atlassian Crucible — versions unspecified
Atlassian Fisheye — versions unspecified
Atlassian Jira Server — versions unspecified

References

jira.atlassian.com/browse/BAM-20647 (x_refsource_MISC)
herolab.usd.de/security-advisories/usd-2019-0016/ (x_refsource_MISC)