
6 matches found

Source: HackerOne
Added: 2020/12/17 9:01 p.m. | Views: 87

U.S. Dept Of Defense: CVE 2020 14179 on jira instance

Summary: A remote attacker can view the custom SLA fields used in the Jira instance and can also use the SLA fields to make a JQL query. Impact: information disclosure of the custom SLA fields, and sensitive information leakage through the JQL query parameter. Read more about the impact here:...

AI score: 0.5
Exploits: 0
Source: Atlassian
Added: 2016/07/15 2:23 a.m. | Views: 42

XSS in /includes/decorators/global-translations.jsp

Somewhat hard to exploit but still doable when it comes to cache poisoning. Steps to reproduce: tamper with a GET request to http:///includes/decorators/global-translations.jsp with the Host header set to some XSS payload, e.g. alert/xss/. The offending lines in code pick this payload and...

CVSS: 6.1 | AI score: 0.3 | EPSS: 0.00762
Exploits: 3 | Affected Software: 1
Source: Atlassian
Added: 2014/06/09 12:56 p.m. | Views: 30

statTypes REST API exposes all statistics field names anonymously

On an instance with no anonymous access enabled, /rest/gadget/1.0/statTypes returns a list of all stattable custom fields names and IDs in the instance in response to anonymous requests. This is a nasty exposure of data - admins have no way of knowing that private data shouldn't be put into custo...

AI score: 1.4
Exploits: 0 | Affected Software: 1
Source: Atlassian
Added: 2014/04/09 5:43 p.m. | Views: 17

Users getting "XSRF Security Token Missing" when Creating Issues

When trying to use our JIRA instance we keep getting lots of permissions errors which makes JIRA very difficult to use. If we keep trying then eventually it works. This has been happening for about the last week or so. It's very annoying as you keep having to enter the issues of the JIRA you're...

AI score: 0.4
Exploits: 0
Source: Atlassian
Added: 2013/05/13 2:46 p.m. | Views: 17

https://jira.atlassian.com/500page.jsp

This page shows all the data about the JIRA instance to an intruder. It makes it more vulnerable when you know the whole setup...

AI score: 0.9
Exploits: 0 | Affected Software: 1
Source: Atlassian
Added: 2012/03/05 10:35 a.m. | Views: 15

Direct access to issue via url discloses structure without authentication

If an issue is accessed via the direct URL, an error message discloses whether the issue exists or not - even when the user isn't logged in. In contrast, an existing issue redirects to the login form. This knowledge may open an attack vector on private Jira instances that require authentication...

AI score: 2.8
Exploits: 0