31 matches found
CVE-2019-16909
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14J8 for Jira. It is possible to obtain a list of all Jira projects with authentication as a Jira user, but without authorization for specific projects via the plugins/servlet/nfj/NotificationSettings URI...
EUVD-2019-7403
Malware in sbrugna...
EUVD-2019-7406
Malware in sbrugna...
EUVD-2019-7405
Malware in sbrugna...
EUVD-2019-7404
Malware in sbrugna...
CVE-2019-16908
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI...
CVE-2019-16908
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI...
CVE-2019-16908
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI...
CVE-2019-16909
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14J8 for Jira. It is possible to obtain a list of all Jira projects with authentication as a Jira user, but without authorization for specific projects via the plugins/servlet/nfj/NotificationSettings URI...
CVE-2019-16909
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14J8 for Jira. It is possible to obtain a list of all Jira projects with authentication as a Jira user, but without authorization for specific projects via the plugins/servlet/nfj/NotificationSettings URI...
Design/Logic Flaw
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14J8 for Jira. It is possible to obtain a list of all Jira projects with authentication as a Jira user, but without authorization for specific projects via the plugins/servlet/nfj/NotificationSettings URI...
Authorization
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI...
CVE-2019-16909
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14J8 for Jira. It is possible to obtain a list of all Jira projects with authentication as a Jira user, but without authorization for specific projects via the plugins/servlet/nfj/NotificationSettings URI...
CVE-2019-16909
CVE-2019-16909 affects Infosysta “In-App & Desktop Notifications” for Jira prior to 1.6.14_J8. An authenticated Jira user without project authorization can enumerate all Jira projects via the endpoint plugins/servlet/nfj/NotificationSettings, exposing information about projects. Root cause: insuf...
CVE-2019-16908
CVE-2019-16908 affects Infosysta In-App & Desktop Notifications for Jira (before 1.6.14_J8). The vulnerability allows an unauthenticated user to obtain a list of all Jira projects via plugins/servlet/nfj/ProjectFilter?searchQuery=, due to an authorization check bypass in the plugin. Impact is inf...
CVE-2019-16908
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI...
CVE-2019-16907
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13J8 for Jira. It is possible to obtain a list of all valid Jira usernames without authentication/authorization via the plugins/servlet/nfj/UserFilter?searchQuery=@ URI...
CVE-2019-16907
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13J8 for Jira. It is possible to obtain a list of all valid Jira usernames without authentication/authorization via the plugins/servlet/nfj/UserFilter?searchQuery=@ URI...
CVE-2019-16906
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication/authorization. These notifications are then no...
CVE-2019-16906
An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication/authorization. These notifications are then no...