Atlassian released security updates to address critical vulnerabilities in Jira Service Desk and Jira Service Desk Data Center. One of the flaws can lead to information disclosure, while another critical vulnerability addressed by Atlassian could allow server-side template injection leading to remote code execution. Jira Service Desk is Atlassian's help desk request tracker, which allows companies to receive, track, manage, and resolve requests from their teams' customers.
The first vulnerability affecting Service Desk and Service Desk Data Center is a URL path traversal.
The flaw, tracked as CVE-2019-14994, could lead to information disclosure and could be exploited by anyone with access to the portal, including customers. The vulnerability was discovered by security researcher Sam Curry.