Tuesday, May 28, 2024

Misconfigured JIRA Servers Leaks NASA and Hundreds of Fortune 500 Companies Sensitive Data

A misconfiguration vulnerability with JIRA servers leaks internal user and project data of hundreds and thousands of companies which were using JIRA.

The JIRA is an Atlassian task tracking systems used by lots of companies for bug tracking and project management. It is used in over 135,000 companies in 122 countries. It is an intended tool used by IT and business service desks.

Security Engineer Avinash Jain discovered the misconfiguration vulnerability in JIRA servers that lets anyone access the “internal user data, their name, email ids, their project details on which they were working, assignee of those projects and various other information.”

Several companies affected with the vulnerability that includes tech giants such as “as NASA, Google, Yahoo to Go-Jek, HipChat, Zendesk, Sapient, Dubsmash, Western union, Lenovo, 1password, Informatica, etc and many sectors of various government around the world.”

Wrong Permissions in JIRA

The misconfiguration issue is because of the wrong permission assigned while creating the filters and dashboards, while creating new filter or dashboards by default the visibility set to all users and everyone, instead of sharing everyone within the organization.

If the permission set to everyone, then anyone can access the sensitive data by just having the URL and also being indexed by search engines. The leak exposes following sensitive details.

  • all account’s employees’ names and emails,
  • employees’ roles through JIRA groups,
  • current projects, upcoming milestones through JIRA dashboards/filters

By using Google dorks search queries anyone can craft the search queries and pull out the sensitive information from JIRA servers.

“Thousands of companies filters, dashboards and staff data were publically exposed. It occurs because of the wrong permissions scheme set to filters and dashboards hence providing their access even to non-logged in users and hence leading to leaking of sensitive data,” Avinash Jain said.

He reported the leak to the affected companies, some companies fixed the issue and some companies yet to fix the issue.

To change the setting you can edit the current filter and set the visibility based on the project needs.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Website

Latest articles

Researchers Exploited Nexus Repository Using Directory Traversal Vulnerability

Hackers target and exploit GitHub repositories for a multitude of reasons and illicit purposes.The...

DDNS Service In Fortinet Or QNAP Embedded Devices Exposes Sensitive Data, Researchers Warn

Hackers employ DNS for various purposes like redirecting traffic to enable man-in-the-middle attacks, infecting...

PoC Exploit Released For macOS Privilege Escalation Vulnerability

A new vulnerability has been discovered in macOS Sonoma that is associated with privilege...

CatDDoS Exploiting 80+ Vulnerabilities, Attacking 300+ Targets Daily

Malicious traffic floods targeted systems, servers, or networks in Distributed Denial of Service (DDoS)...

GNOME Remote Desktop Vulnerability Let Attackers Read Login Credentials

GNOME desktop manager was equipped with a new feature which allowed remote users to...

Kesakode: A Remote Hash Lookup Service To Identify Malware Samples

Today marks a significant milestone for Malcat users with the release of version 0.9.6,...

Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks

 A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software's web-based...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles