Talos IntelligenceTALOS-2019-0840Atlassian Jira Worklog Information Disclosure Vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
55.3%
Summary
A worklog information disclosure vulnerability exists in Atlassian Jira 7.6.4, from version 7.6.4 to 8.1.0. Authenticated users can view worklog details for issues they do not have permission to view via the /rest/api/2/worklog/list API endpoint. They can also obtain a list of worklog ID’s via /rest/api/2/worklog/updated.
Tested Versions
Atlassian Jira 7.6.4 Atlassian Jira 8.1.0
Product URLs
<https://www.atlassian.com/software/jira>
CVSSv3 Score
4.3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE
CWE-862 - Missing Authorization
Details
An attacker can use this vector to view details for arbitrary worklog entries. In order for the exploit to run successfully, the user must have a valid session.
Exploit Proof-of-Concept
Submit a POST to /rest/api/2/worklog/list with the following body:
{"ids": [12301]}
Timeline
2019-05-14 - Vendor Disclosure
2019-08-14 - Vendor Patched
2019-09-16 - Public Release
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
55.3%