3 matches found
The Trojan horse of cybercrime: Weaponizing SaaS notification pipelines
By Diana Brown
Cisco Talos has recently observed an increase in activity that is leveraging notification pipelines in popular collaboration platforms to deliver spam and phishing emails. These emails are transmitted using the legitimate mail delivery infrastructure associated with GitHub and Jira...
PT-2021-22383 · Atlassian · Jira
Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 8.19.0
Description: The issue is related to a Broken Access Control vulnerability in the issue notification feature, allowing users who have watched an issue to continue receiving update...
CVE-2019-16906
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication/authorization. These notifications are then no...