exploitDog

CVE-2022-38367

Опубликовано: 05 сент. 2022

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint.

Ссылки

https://gist.github.com/CveCt0r/72a0b6292cd8d80499cf5971ae58147f
Third Party Advisory
https://marketplace.atlassian.com/apps/1220535/user-export-for-jira
Product
Vendor Advisory
https://gist.github.com/CveCt0r/72a0b6292cd8d80499cf5971ae58147f
Third Party Advisory
https://marketplace.atlassian.com/apps/1220535/user-export-for-jira
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:netic:user_export_for_jira:*:*:*:*:*:*:*:*

Версия до 2.0.6 (исключая)

EPSS

Процентиль: 73%

0.0078

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-3r75-2r54-55vx

CVSS3: 5.3

github

больше 3 лет назад

The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint.

EPSS

Процентиль: 73%

0.0078

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-862