Описание
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as a Jira user, but without authorization for specific projects) via the plugins/servlet/nfj/NotificationSettings URI.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ProductThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ProductThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.6.14_j8 (исключая)
cpe:2.3:a:infosysta:in-app_\&_desktop_notifications:*:*:*:*:*:jira:*:*
EPSS
Процентиль: 51%
0.00281
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 4.3
github
больше 3 лет назад
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as a Jira user, but without authorization for specific projects) via the plugins/servlet/nfj/NotificationSettings URI.
EPSS
Процентиль: 51%
0.00281
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-862