ASA-2019-00394 – Atlassian Jira: Denial of service in issue searching through Epic Name ordering

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00394

Identifier(s)

ASA-2019-00394, CVE-2019-11583

Title

Denial of service in issue searching through Epic Name ordering

Vendor(s)

Atlassian

Product(s)

Atlassian Jira

Affected version(s)

Atlassian Jira before version 8.1.0

Fixed version(s)

Atlassian Jira version 8.1.0

Proof of concept

Unknown

Description

The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by “Epic Name”.

Technical details

Unknown

Credits

Unknown

Reference(s)

Denial of service in issue searching through Epic Name ordering – CVE-2019-11583
https://jira.atlassian.com/browse/JSWSERVER-20111

CVE-2019-11583
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11583

CVE-2019-11583
https://nvd.nist.gov/vuln/detail/CVE-2019-11583

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: June 29, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.