3 matches found
CVE-2019-16909
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14J8 for Jira. It is possible to obtain a list of all Jira projects with authentication as a Jira user, but without authorization for specific projects via the plugins/servlet/nfj/NotificationSettings URI...
CVE-2019-16909
CVE-2019-16909 affects Infosysta “In-App & Desktop Notifications” for Jira prior to 1.6.14_J8. An authenticated Jira user without project authorization can enumerate all Jira projects via the endpoint plugins/servlet/nfj/NotificationSettings, exposing information about projects. Root cause: insuf...
Infosysta Jira 1.6.13_J8 Project List Authentication Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2019-042 Product: In-App & Desktop Notification for Jira Manufacturer: Infosysta Affected Versions: 1.6.13J8 Tested Versions: 1.6.13J8 Vulnerability Type: Authentication/Authorization Bypass Risk Level: Medium Solution Status: Clos...