Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Security Advisories for Jira Service Desk Server, November 2019

Atlassian has disclosed two critical severity security vulnerabilities (CVE-2019-15003 and CVE-2019-15004) in Jira Service Desk Server and Jira Service Desk Data Center on November 6, 2019. This article is designed to help you determine if you are affected and how to ask for help here on Community.

The TLDR (too long, didn't read)

We recommend upgrading your Jira Service Desk Server/Data Center instances to one of the following versions as soon as possible: 

All versions of Service Desk Server/Data Center before these versions are affected by these vulnerabilities.  Please read the full advisory which can be found at Jira Service Desk Security Advisory 2019-11-06.

Note that in order to upgrade Jira Service Desk to one of the versions above, you will need an active and valid license for Service Desk. 

If you are unable to upgrade your Jira Service Desk quickly for any reason, there are mitigation steps that can be taken to temporarily work-around this issue until such time when you can upgrade.  While the work-around steps are very similar in nature for these two, please note that there are slight difference between them for each CVE.

Mitigation steps for CVE-2019-15003

After upgrading Jira Service Desk this mitigation can be removed.


Mitigation steps for CVE-2019-15004

After upgrading Jira Service Desk this mitigation can be removed.


Select, Priority, and Premier support customers can raise technical support requests in regards to this advisory by going to

However Starter license users will only have support provided through Community per our Support offerings.

We invite anyone that might have questions in relation to this security advisory, regardless of your support level, to ask a new question with this link.  Which will help us to track questions about this specific advisory.


Comments for this post are closed

Community moderators have prevented the ability to post new comments.

Community showcase
Published in Jira Service Management

Coming Soon: Insight Changing to Assets

The 2020 acquisition of Mindville added powerful asset and configuration management capabilities to Jira Service Management in the form of Insight. Following the completion of that integration, custo...

228 views 1 9
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you