Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Security Advisories for Jira Service Desk Server, November 2019

Atlassian has disclosed two critical severity security vulnerabilities (CVE-2019-15003 and CVE-2019-15004) in Jira Service Desk Server and Jira Service Desk Data Center on November 6, 2019. This article is designed to help you determine if you are affected and how to ask for help here on Community.

The TLDR (too long, didn't read)

We recommend upgrading your Jira Service Desk Server/Data Center instances to one of the following versions as soon as possible: 

All versions of Service Desk Server/Data Center before these versions are affected by these vulnerabilities.  Please read the full advisory which can be found at Jira Service Desk Security Advisory 2019-11-06.

Note that in order to upgrade Jira Service Desk to one of the versions above, you will need an active and valid license for Service Desk. 

If you are unable to upgrade your Jira Service Desk quickly for any reason, there are mitigation steps that can be taken to temporarily work-around this issue until such time when you can upgrade.  While the work-around steps are very similar in nature for these two, please note that there are slight difference between them for each CVE.

Mitigation steps for CVE-2019-15003

After upgrading Jira Service Desk this mitigation can be removed.

 

Mitigation steps for CVE-2019-15004

After upgrading Jira Service Desk this mitigation can be removed.

 

Select, Priority, and Premier support customers can raise technical support requests in regards to this advisory by going to https://support.atlassian.com/contact

However Starter license users will only have support provided through Community per our Support offerings.

We invite anyone that might have questions in relation to this security advisory, regardless of your support level, to ask a new question with this link.  Which will help us to track questions about this specific advisory.

0 comments

Comments for this post are closed

Community moderators have prevented the ability to post new comments.

TAGS
AUG Leaders

Atlassian Community Events